MANAGERS’ FORUM

MBA or executive MBA? Paul Glen explains three major differences, page 44


WI-FI FREEDOM

A New Orleans official fights to keep the city’s free wireless network operating at high speed

SOA CHALLENGES

SOA Hurdles
Forcing
In IT Units

Getting developers, managers on board is worth the effort, execs say

BY HEATHER HAVENSTEIN

Many corporations and government agencies that are shifting from client/server technologies to service-oriented architectures are facing technical and cultural challenges that are forcing an overhaul of their IT development groups.

Officials at Wachovia Corp., Railinc Corp. and other large corporate and government IT shops have taken measures to tackle the myriad challenges that come with using SOA technology, including changing roles for developers and architects and a blurring of the lines between IT development and operations groups.

We haven’t really mastered the business process part of it.

HARRY KARR,

Wachovia’s retail banking division this month started work on a new multiyear SOA project to create business processes from Web services that can be used in a new call-center application and eventually be reused across the bank’s various customer channels.

The project is the division’s first foray into designing, assembling and managing common business processes that span multiple channels, and the IT shop is feeling the

SOA, page 12


Big IT shops are trying to figure out how to modernize a trillion dollars’ worth of mainframe applications, writes Robert L. Mitchell. Options include rewriting, replacing, migrating or encapsulating the code. Page 27


MySQL Scheme Designed To Avoid Reliance on Oracle

Open-source vendor seeks broader line of storage engines for database

BY ERIC LAI

MySQL AB plans to wean itself from any dependence on rival Oracle Corp. by building a data storage engine that will work inside its open-source database and by encouraging more third-party vendors to create similar storage engines.

At its annual user conference this week in Santa Clara, Calif., MySQL plans to release an application programming interface for developing storage engines that can be plugged into its namesake database.

In addition, the company is working on an engine of its own, code-named Falcon, CEO Marten Mickos said last week. The software should be ready for public beta-testing this summer and is being de-

MySQL, page 55


There are signs that Linux may be less immune to security threats than it was in the past.

PAGE 8



CONTENTS 

Geek’s Garden

In the Technology section: This week’s stroll through the technology landscape examines IBM’s spin on magnetism, new imaging chips developed at the University of Rochester, and the role of slide rules in putting a man on the moon. Page 34

Turning to Technology

In the Management section: As a confluence of factors transforms the U.S. workforce, IT managers need to be on the lookout for potential talent, regardless of its place of origin. Page 41


NEWS

Oracle is expected to announce today that it will support iSeries-based J.D. Edwards applications beyond 2013.

Linux faces few security threats, but there are signs that the open-source operating system is less immune to malware than it once was.

New York state proposes a plan to deploy e-voting machines by this fall in response to a court order to comply with the federal Help America Vote Act.

New Orleans CIO Greg Meffert fights to keep a free city Wi-Fi network running at high speeds, despite a state law limiting its performance to 128Kbit/sec.

New Hampshire says FBI analysts found no sign of a data breach on a state government server that had run a password recovery program early this year.

Global Dispatches: Cisco plans to expand its operations in Saudi Arabia; and Nokia looks to broaden the mobile technology development work done at a facility in Chengdu, China.

Q&A: Marcus Courtney, president of the Washington Alliance of Technology Workers, says offshore outsourcing and increases to the H-1B visa cap are hurting U.S. high-tech workers.

California IT managers talk about their plans for keeping systems up and running in the event of an earthquake as devastating as the one that hit San Francisco 100 years ago this month.

TECHNOLOGY

Rebuilding the Legacy. Modernizing mainframe code and deciding what applications to keep on big iron have become major challenges for IT managers.

Security Manager’s Journal: These Rules Will Keep Users in Their Place. Mathias Thurman is counting on the rule of least privilege and separation of duties to keep users out of areas of the network they don’t belong in.

QuickStudy: Virtual Machines. Each of these self-contained operating environments, created by a software layer, behaves as if it were a separate computer. This makes it possible to exploit computing resources more efficiently and isolate applications to improve security and prevent cross-corruption.

MANAGEMENT

Managers’ Forum. When management demands project perfection on an unreasonable time frame, you’ve got a lot of educating to do, says Paul Glen. And speaking of education, he discusses the differences between executive MBA programs and the garden variety.

Career Watch. The prospects for a battle over IT talent; helping girls get IT; a new certification for RFID; and the job outlook, eight years out.

Five Steps to More Critical Thinking. Daily grind getting you down? Here are some easy, everyday exercises to sharpen up and get your brain in gear.

On the Mark: Mark Hall reports on a vendor that claims its business systems monitoring technology detects problems in context and in real time.

Don Tennant downplays news reports that Oracle might buy Novell. But somebody should buy Novell, he says, because its tired leadership is taking it nowhere.

Virginia Robbins lists nine ways to keep your sanity and maximize your retention bonus when you’re being downsized.

Bruce A. Stewart explains what it takes to get innovation in IT organizations, which by nature aren’t innovative.

Douglas Schweitzer warns that the default security settings on wireless routers provided by telecom vendors are inadequate.

Barbara Gomolski is excited about the opportunities of a global economy, but she’s concerned that executives could woefully underestimate what it takes to build a truly global IT presence.

Frankly Speaking: Frank Hayes says that now that the security mess in New Hampshire appears to be cleaned up, officials need to make sure that everything on servers is documented.

DEPARTMENTS/RESOURCES 


Linux Primer for Networkers

OPERATING SYSTEMS: Networking pro Greg Schaffer says you’re missing out on some valuable network-monitoring tools if you’re too intimidated to set up a Linux system. QuickLink a8530

Jail Tales

NETWORKING: Lee Ratzan offers some tips in case you ever go behind the walls for a networking project. Here’s one: Don’t get caught wearing the wrong color clothes in the wrong area! QuickLink a8540

Managing Remote Users

NETWORKING: In Part 2 of her column “Getting a Handle on Remote Users,” Sandra Gittlen looks at how centralizing equipment purchases through the IT department pays off in many ways — not the least of which is increased security. QuickLink a8550

TechCast: Storage Consolidation

PODCAST: This edition of the Computerworld TechCast discusses storage consolidation as a way to help companies manage storage, backups and recovery more efficiently. QuickLink a8560

Security Survey

IT MANAGEMENT: How is IT responding to security threats? This Computerworld survey of 571 IT professionals sheds light on the security strategies, technologies and management techniques used in enterprise environments. Get the full results in downloadable PDF format. QuickLink a8570

Hands On: Apple Remote Desktop 3

MACINTOSH: The latest version of Mac desktop management software offers a number of improvements, says columnist Yuval Kossovsky — and it’s a universal binary now.

AT DEADLINE

HP Recalls Batteries Reported to Overheat

Hewlett-Packard Co. is recalling 15,700 notebook batteries following reports that they have overheated, causing minor property damage and, in one instance, a minor burn injury. The batteries were manufactured in China during early January 2005 and have a bar-code label that starts with “L3.” The batteries were used in several HP notebook models, including the HP Pavilion, HP Compaq and Compaq Presario lines.

Hyperion Buys Maker Of Data-Quality Tools

Hyperion Solutions Corp. has agreed to acquire UpStream Software Corp., a provider of financial data-quality technology. Hyperion plans to offer UpStream’s tools as part of its business performance management suite. The tools can help ensure that data required for compliance with the Sarbanes-Oxley Act and other regulations is accurate. Terms of the deal, which is expected to close in two weeks, were not disclosed.

Federal E-health Leader Resigns Post

President Bush’s point man for health IT has resigned. David Brailer had led the effort to build a national medical records infrastructure since his appointment to the post of national coordinator for health information technology in May 2004.

The project aimed to convince U.S. health organizations to shift from paper-based to electronic medical records. No replacement was named.

Four HP High-End Workstations Debut

HP today is due to unveil four workstations based on the latest dual-core Intel Xeon processors. The Xeon processors offer up to 64GB of memory, high-speed interconnects and improved 3-D graphics support. Pricing plans will be disclosed when shipping starts next month.


Oracle to Extend Support For J.D. Edwards iSeries Apps

Looks to reassure 5,000 customers it inherited in PeopleSoft acquisition

BY MARC L. SONGINI

ORACLE CORP. this week is expected to announce plans to continue upgrading and supporting J.D. Edwards applications running on IBM’s iSeries platform beyond 2013. The move is part of an Oracle effort to reassure the 5,000 or so users inherited with its acquisition of PeopleSoft Inc. who run applications on IBM hardware.

The announcement is expected during the Collaborate 2006 user conference in Nashville this week. At the time of the acquisition in 2004, Oracle had pledged to support iSeries-based World and EnterpriseOne applications through 2013.

Several new Oracle users had questioned whether support for the iSeries would continue long after the acquisition, since Oracle and IBM are strong rivals in the database business. Some users had feared that Oracle’s next-generation middleware technology, called Fusion, would lead to an effort to wean World and EnterpriseOne users off of IBM hardware, databases and middleware.

Lenley Hensarling, Oracle vice president and general manager of J.D. Edwards EnterpriseOne products, last week said Oracle will continue to support the iSeries-based applications as long as the business remains viable.

“Some of those that are on the iSeries are very religious about that platform,” he said.

Hensarling said the company will continue to update the products. For example, Oracle this week also plans to announce EnterpriseOne 8.12, which will offer enhancements for the automotive and the food and beverage industries.

Robert Robinson, business systems administrator at Durr Systems Inc., said this week’s moves could encourage users of other applications to buy World or EnterpriseOne. The Plymouth, Mich.-based automotive supplier runs both World and EnterpriseOne ERP applications.

The announcement should also reassure customers already running J.D. Edwards and the IBM hardware that their investments are protected, Robinson said.

The Fusion Option

The indefinite support will be good for customers, but an Oracle application integrated with the Oracle database and middleware could be a better solution for users, according to John Matelski, president of the independent Quest International Users Group, an organization of J.D. Edwards software users. The group is a co-sponsor of the Collaborate user conference.

Matelski, who is also deputy CIO of Orlando, said that migrating to Oracle technology would likely provide most users with the best technology.

“The city of Orlando is going to evaluate all of its options based on features and functionality as it is unveiled,” said Matelski.

If Oracle Fusion is optimized to run Oracle software, then the city would likely buy it, he said. The city currently runs EnterpriseOne on iSeries hardware and uses IBM’s DB2 database.

“Supporting the iSeries customer was always a cash cow for J.D. Edwards,” noted Joshua Greenbaum, an analyst at Enterprise Applications Consulting in Berkeley, Calif. “These systems are extremely stable and rarely, if ever, need any maintenance or upgrades.”

Greenbaum said Oracle’s decision to extend support for the system isn’t surprising because “the 18% to 22% [estimated average] maintenance fee paid by these customers has a huge profit margin attached to it, so it makes sense for Oracle to support them indefinitely.”

New Product

EnterpriseOne 8.12 includes:

■ A new operational sourcing module, which automates request-for-proposal processes.

■ Modules for agribusiness companies, including blend management, grower pricing and grower management.

■ Enhanced human-capital management software, with employee scheduling, and enhanced time and labor and self-service capabilities.

■ A supply chain management application that can handle transportation shipment sequencing.

Correction

A STORY about Novell Inc. in the April 10 issue’s News section (“Novell Struggles to Maintain Utah Base”) included incorrect information about the company’s founding. Novell originated in 1979 as a hardware vendor called Novell Data Systems Inc. It was relaunched as a software vendor under its current name in 1983, with Ray Noorda as CEO. That same year, the company introduced NetWare, which was created by four classmates at Brigham Young University.


Oracle Unveils Its First CRM OnDemand Release

ORACLE last week brought out Oracle CRM OnDemand, the next release of the hosted offering of the former Siebel Systems Inc.

The new version marks the first use of the Oracle moniker on the Siebel offering. The database company completed its acquisition of the hosted CRM vendor in January.

Oracle CRM OnDemand Release 10 offers updated customization capabilities, improved sales and service features, and enhancements targeting the life sciences and financial services industries, Oracle said.

Bruce Hipkiss, vice president of sales at Specialty Sales and Marketing Inc., said he was most interested in the customization feature when the company started using a beta release of the new hosted version last month.

The Mississauga, Ontario-based company provides sales and marketing services for the automotive, heavy-duty truck fleet and industrial aftermarket industries.

Hipkiss said his company has customized the application to allow its workers to import external data into the CRM software. For instance, salespeople can now see financial reports inside customer records.

The new system also automatically provides a single record for distributor- and supplier-related sales information, according to Hipkiss.

Oracle CRM OnDemand Release 10 is available now. The monthly price for the service starts at $70 per user.

- MARC L. SONGINI

Security Risks Still Seen As Small for Linux Users


But operating system is slowly becoming a bigger target, some researchers say

BY ERIC LAI

WHEN THE Indiana Department of Education rolled out PCs running Linux to schools last year, it installed open-source antivirus software on the servers connected to the desktop systems to scan incoming e-mail. But it didn’t bother to put antivirus tools on the PCs themselves.

“I hate to admit this, but I wasn’t worried,” said Forrest Gaston, a consultant who is managing the project for the Indianapolis-based agency. And despite heavy Internet usage by students, Gaston’s optimism has been borne out thus far. Desktop security “hasn’t been an issue,” he said.

Linux’s relative immunity to viruses, spyware, worms and other malware has long been one of the open-source operating system’s key attractions. Exhibitors at the Desktop Linux Summit 2006 in San Diego this week will certainly tout a lack of security threats as a big selling point.

“There are almost no viruses for Linux. Certainly, I’ve never seen one,” said Tom Welch, chief technology officer at Linspire Inc., a San Diego-based desktop Linux company.

In a recent blog entry, Jeffrey Jaffe, Novell Inc.’s chief technology officer, wrote that since joining Novell late last year and switching from Windows to Linux on the desktop, viruses have become “things of the past” for him.

Even companies hawking Linux antivirus products acknowledge that the operating system doesn’t suffer from many security woes at this point. “Our product is more used to filtering Windows viruses than actual Linux viruses,” said Ron O’Brien, an analyst at Sophos PLC, a security firm in Abingdon, England.

But John Andrews, president of market research firm Evans Data Corp. in Santa Cruz, Calif., said that Linux is slowly becoming a bigger target for attackers. “Windows was the only game in town, but now Linux is offering a more tempting prize,” he said.

In a survey of 450 Linux software developers conducted by Evans Data, just under 11% of the respondents said they had found viruses on their systems (see chart). The results, which were released earlier this month, show that more than a third of the affected users reported that they had three or more infections. Those are the highest totals ever reported in the twice-yearly survey.

[Chart: Security Watch. How many times has your Linux system been infected by a virus? Once: 3.5%. Twice: 2.9%. Three times or more.]

Earlier this month, a cross-platform virus emerged that could theoretically infect both Windows and Linux systems. Johannes Ullrich, chief research officer at the SANS Institute in Bethesda, Md., said that such proof-of-concept code has traditionally presaged the development of actual malware. “I think we’ll see an increase in virus activity as Linux becomes more mainstream,” he added.

Novell and Red Hat Inc. both say they have enhanced the end-user access controls in their Linux distributions using their Security Enhanced Linux and AppArmor technologies, respectively.

Some Linux users are starting to implement more safety measures. Ritz Camera Centers Inc., which is upgrading more than 4,000 point-of-sale terminals in stores nationwide to run Novell Linux Desktop, is taking pains to ensure that the machines are isolated from the Internet, according to Bob O’Hern, senior vice president of information systems at the Beltsville, Md.-based retailer.

For example, he said, end users won’t be able to use the terminals to surf the Web.

Linux Vendors Rally Around Server, Desktop Specs

MORE THAN a dozen technology vendors, including IBM, Red Hat Inc. and Novell Inc., plan to support an integrated server and desktop Linux standard that’s being unveiled by Free Standards Group Inc. at the Desktop Linux Summit 2006.

The FSG, which already has crafted a server-level specification called the Linux Standard Base, announced plans for a desktop version of the standard last October. The two specifications have now been integrated into Version 3.1 of the Linux Standard Base, which the FSG is due to release at this week’s conference.

The combined standard should make it easier for application developers “to target the complete Linux platform,” the group said, adding that it hopes the simplified development capabilities will help eliminate “a major hindrance for Linux desktop adoption.”

Efforts to convince more software developers to create Linux versions of their desktop software have also been stymied because Linux supports both the GNOME and KDE desktop environments, making it hard to develop one piece of software that will run on all versions of Linux.

“The problem with standards on Linux is that there are currently too many of them,” said Gregory Raiz, president of Raizlabs Corp., a software company in Brookline, Mass.

It will take hard work to create a standard that is compatible with both KDE and GNOME, said Bruce Perens, vice president of professional services at SourceLabs Inc. in Seattle.

“How they’re going to pull it off will be interesting,” Perens said. In the end, Linux providers may be forced to simply choose one of the desktop environments, he added.

- ROBERT McMILLAN, IDG NEWS SERVICE


New York Develops Plan to Comply With E-voting Law

BY MARC L. SONGINI

The state of New York, under orders from a federal court, earlier this month submitted to the U.S. Department of Justice a plan for complying with the federal Help America Vote Act.

The DOJ had filed a lawsuit in federal court on March 1, charging that the state was not in compliance with HAVA. The statute dictates that each state create a database of eligible voters and that every voting precinct in the country have at least one handicapped-accessible e-voting machine.

The federal legislation called for a Jan. 1, 2006, compliance deadline.

On March 23, the U.S. District Court in Albany ordered that the state come up with a plan for adhering to the law.

The plan submitted to the court by the New York State Board of Elections creates a set of milestones for completing testing, training, procurement and other processes required to install handicapped-accessible e-voting systems and for building a voter database.

The plan also includes a pledge that the New York elections board will acquire and certify handicapped-accessible voting devices in time for the Sept. 12 primary election. Currently, the state uses mostly lever-activated machines.

The state’s plan also includes guidelines for creating and implementing an interim statewide voter-registration database, dubbed NYSVoter I, by July 1. The database will hold a single, centralized repository of voters, each of whom will be assigned a unique identifier.

For verification purposes, the new database will be linked with databases from the New York Department of Motor Vehicles, the U.S. Social Security Administration and other federal agencies.

New York’s plan is to pattern the voter database after one implemented in the state of Washington, which has agreed to share its technical details free of charge.

Ultimately, NYSVoter I will serve as the underlying technology for a permanent database system that will be completed in the spring of 2007, according to the plan.

A spokesman from the New York elections board said in an e-mail last week that the board is awaiting a response from the court and the DOJ about the plan; he declined further comment. A DOJ spokesman also declined to comment on the state’s plan.
Microsoft, Autodesk Lose Patent Suit

A  Michigan  man  has  been 
awarded  S133  million  by  a 
Texas  jury  in  a  patent  dispute 
against  Microsoft  Corp.  and 
Autodesk  Inc.  Microsoft  was 
ordered  to  pay  $115  million  and 
Autodesk  $18  million  to  David 
Colvin,  founder  of  z4  Technolo¬ 
gies  Inc.  Colvin  claimed  two  of 
his  antipiracy  software  patents 
were  used  in  Microsoft’s  Office 
and  Windows  XP  software  and 
Autodesk’s  AutoCAD  programs. 


Novell  Buys  Security 
Vendor  in  $72M  Deal 

Novell  Inc.  has  purchased 
e-Security  Inc.,  a  maker  of  se¬ 
curity  information  management 
and  compliance  monitoring 
software,  for  $72  million.  Novell 
next  month  will  start  selling 
e-8ecurity’s  Sentinel  5  product, 
which  provides  IT  organiza¬ 
tions  with  a  single,  real-time, 
cross-enterprise  view  of  hacker 
attacks  and  other  security  viola¬ 
tions.  New  versions  of  Novell’s 
own  security  software  will  also 
ship  next  month. 


IBM  Revenue  Drops 
With  Sale  of  PC  Unit 

IBM  credited  strong  sales  of  its 
middleware  and  microelectron¬ 
ics  products  for  a  21%  gain  in 
first-quarter  profit.  But  the  com¬ 
pany  cited  the  sale  of  its  PC  unit 
to  Lenovo  Group  Ltd.  for  a  10% 
decline  in  first-quarter  revenue. 
Flextronics  Sells
Software  Business

Singapore-based  Flextronics
International  Ltd.  plans  to  sell
its  software  development  busi¬ 
ness  to  an  affiliate  of  buyout  firm 
Kohlberg  Kravis  Roberts  &  Co. 
for  $900  million.  The  bulk  of 
the  software  business  unit  is 
based  in  India,  but  it  has  offices 
worldwide,  according  to  Flex¬ 
tronics.  In  all,  the  unit  has  6,100 
employees. 


ON  THE  MARK


HOT  TECHNOLOGY  TRENDS,  NEW  PRODUCT 
NEWS  AND  INDUSTRY  BUZZ  BY  MARK  HALL 


Monitor  Business 
Services  in . . . 


. . .  real  time  and  in  context.  Nicola  Sanna  dismisses
much  of  the  systems  monitoring  technology  available 
today.  “They  monitor  components  and  compare  [cur¬ 
rent]  conditions  to  historical  data,”  says  Sanna,  CEO  of 
Reston,  Va.-based  Netuitive  Inc.  But  that  won’t  give 


you  a  true  picture  of 
the  condition  of  your 
business  systems,  he 
says.  “You  also  need 
the  context  in  which 
the  components  oper¬ 
ate,”  Sanna  says,  not¬ 
ing  that  data  sources 
and  the  data  streams 
among  those  sources 
“change  constantly
over  time.”  That 
means  your  business  services 
monitoring  tools  had  better 
work  in  real  time.  Netuitive 
SI  and  Service  Analyzer  soft¬ 
ware  does  just  that,  Sanna 
claims.  The  two  products 
learn  and  then  define  normal 
systems  behavior  based  on 
time  of  day,  day  of  the  week 
and  other  factors.  Sanna  says 
that  because  the  software 
runs  in  RAM,  it  can  flag 
abnormal  conditions  based 
on  events  happening  in  the 
here  and  now  —  not  by  look¬ 
ing  back  from  the  hereafter. 
The  tools  also  predict  how 
systems  will  function  over 
the  next  two  hours  so  IT 


can  quickly  redeploy 
resources  to  handle 
spikes  and  troughs  in 
computing  demands. 
By  June,  the  company 
will  upgrade  Netuitive 
SI  to  include  support 
for  monitoring  how 
seasonal  events,  such 
as  the  Christmas 
shopping  rush,  affect 
IT  operations. 

Lock  down  your 
network  from . . . 

...  the  perimeter  to  the  core. 

Automating network access control policies remains difficult,
says Brett Helsel, CEO of Lockdown Networks Inc. in Seattle.
Agent software is problematic because you can’t install it on
everything that attaches to your network, Helsel contends. And,
he says, intrusion-prevention systems are potential bottlenecks
and endemic sources of false positives. Helsel’s alternative is
the Lockdown Enforcer appliance. He claims that the Enforcer
knows all the users on your network, their access rights, what
devices they’re using and where they’re using them — meaning you
can apply different access policies based on user location. The
appliance’s software is due to be upgraded on May 15 with
support for Mac OS X. Pricing starts at $24,995 for a model that
can handle up to 2,000 users.

The ENFORCER protects your perimeter, says Lockdown Networks.

SANNA: Context is needed for business service monitoring.

It’s  OK  to  outsource 
IT  security,  just . . . 


95%

FBI  estimate  of 
the  percentage 
of  companies 
that  had  apps 
attacked  in 
2005. 


. . .  like  anything  else.  David 
Grant,  director  of  product 
management  at  Watchfire 
Corp.  in 
Waltham, 
Mass.,  thinks 
there  are  lots 
of  reasons 
to  put  IT 
security  in 
the  hands  of 
strangers.  For 
one  thing,  he  says,  you  may 
not  have  internal  expertise  in 
areas  such  as  developing  and 
deploying  secure  applications. 
That’s  where  Watchfire’s 
AppScan  service  comes  in. 
Grant  claims  that  it  can  test 
Web-based  apps  over  a  virtual 
private  network  to  see  if  they 
have  buffer  overflow  prob¬ 
lems  or  other  security  holes. 
Starting  at  $4,500  per  month, 
the  service  is  continually  be¬ 
ing  updated  to  monitor  for 
“new  types  of  hacks,”  Grant 
says.  “It’s  a  bit  of  an  arms 
race  between  IT  and  hackers.” 


Collaborate  without 
the  complexity . . . 

...  of  supporting  a  collaborative 

app.  Small  and  midsize  busi¬ 
nesses,  and  even  large  ones, 
often  struggle  with  deploying 
and  managing  big  programs 


like  Lotus 
Notes  —  so 
much  so  that 
many  of  you 
don’t  even 
try.  Well, 
Farzin  Arsanjani
thinks  he
has  a  service 
just  for  you: 
HyperOffice. 
Arsanjani, 
president  of  the  appropri¬ 
ately  named  HyperOffice 
Inc.  in  Rockville,  Md.,  says 
his  company’s  Web-based 
service  gives  end  users  e-mail 
services  and  lets  them  share 
documents  and  calendars; 
link  messages,  documents 
and  tasks;  maintain  version 
control  over  files;  and  much 
more  —  all  within  a  custom¬ 
ized  portal.  By  mid-May, 
Outlook  users  will  be  able 
to  share  their  calendars  with 
one  another  and  with  Hyper¬ 
Office  calendar  users  without 
the  need  for  Exchange,  ac¬ 
cording  to  Arsanjani.  Pricing 
averages  $7  a  month  per  end 
user. 

Archive  all  messages 
that  are  stored . . . 

. . .  electronically,  at  close  to  real 

time.  Arthur  Riel,  chief  tech¬ 
nology  officer  at  Lighthouse 
Global  Technologies  LLC  in 
Stamford,  Conn.,  spent  five 
years  developing  e-mail  com¬ 
pliance  tools  in  the  financial 
services  industry.  Now  Riel 
claims  that  he  has  the  tool 
he  always  wanted  when  he 
was  inside  IT:  E-Trail  Digital 
Archive.  Lighthouse’s  soft¬ 
ware  captures  and  indexes 
data  in  near  real  time,  Riel 
says.  It  works  with  messages 
and  attachments  in  Exchange, 
Notes  or  any  POP3  mail  sys¬ 
tem.  The  archive  is  stored  in 
a  database  and  linked  to  your 
network  directory  so  you  can 
search  against  a  specific  indi¬ 
vidual’s  content  or  an  entire 
group’s.  Lighthouse  plans  to 
go  public  with  E-Trail  in  mid- 
May.  Pricing  starts  at  about 
$10,000.
Continued  from  page  1

SOA 

pinch  of  the  transition. 

This  and  an  earlier,  less- 
complex  SOA  project  are 
already  presenting  challenges 
to  Wachovia  developers,  who 
must  adjust  their  mind-sets 
from  the  traditional  waterfall 
development  approach  to  a 
more  iterative  one,  according 
to  Harry  Karr,  strategic  archi¬ 
tect  for  the  retail  banking  divi¬ 
sion  at  Charlotte,  N.C.-based 
Wachovia. 

Using  the  waterfall  approach, 
developers  build  monolithic 
applications  in  one  fell  swoop. 
The  iterative  approach  calls  on 
one  group  to  develop  a  service, 
for  example,  while  another 
builds  a  client  to  consume  a 
service,  explained  Karr. 


To  ease  the  taxing  transition 
for  its  application  development 
group,  the  division  brought  in 
new  tools  for  designing  a  de¬ 
velopment  process  and  created 
new  IT  roles. 

“SOA  is  a  set  of  best  prac¬ 
tices,  a  discipline  you  have  to 
follow,”  said  Jason  Bloomberg, 
an  analyst  at  ZapThink  LLC  in 
Baltimore.  “For  the  developer, 
this  means  there  are  new  rules 
they  have  to  follow.  They  don’t 
want  to  follow  any  rules.” 

Tools  for  Change 

Wachovia  used  IBM’s  Infor¬ 
mation  FrameWork  —  a  set 
of  business  models  and  an 
information  architecture  blue¬ 
print  —  in  its  project  to  build 
common  processes  from  ser¬ 
vices  that  can  be  used  by  all 
customer  channels. 

“We  haven’t  really  mastered 


the  business  process  part  of  it,” 
Karr  acknowledged.  “We’re 
trying  to  figure  out  how  to  do  a 
more  iterative  approach  but  also 
outsource.  If  we  had  the  busi¬ 
ness  processes  modeled  ahead 
of  time,  that  might  help  us.” 

In  addition  to  starting  the 
SOA  projects,  Wachovia  plans 
to  begin  outsourcing  a  sig¬ 
nificant  portion  of  its  develop¬ 
ment  and  operations  staff  over 
the  next  year. 

The  bank  has  also  tapped 
Flashline  Inc.  in  Cleveland  for 
its  services  registry,  repository 
and  life-cycle  management 
tools.  Those  should  help  its  de¬ 
velopers  model  the  processes, 
show  dependencies  and  build 
reports  to  help  manage  and 
understand  the  effect  of  the 
changes,  Karr  said. 

The  project  continues  to 
evolve  as  managers  hunt  for 
methods  to  ease  the  work.  For 
example,  Wachovia’s  IT  divi¬ 
sion  last  week  added  a  connec¬ 
tivity  layer  to  its  architecture. 
Karr  said  that  the  new  layer, 
an  enterprise  service  bus 
(ESB)  from  IBM,  can  handle 
message  orchestration,  trans¬ 
formation  and  routing. 

“We’re  trying  to  figure  out 
what  types  of  things  we  have 
to  have  in  place  so  the  out¬ 
sourcers  can  build  in  this  dis¬ 
tributed  environment,”  Karr 
said.  “[With  the  ESB],  we  can 
put  out  some  dummy  services 
for  the  outsourcers  to  use  to 
test  their  services  with.” 

The chief architect of enterprise architecture at a large
U.S.-based financial institution, who asked not to be named,
said recently hired developers there are embracing the
organization’s shift to SOA.

At the same time, veteran mainframe and legacy experts are
bucking the change. The plan to use SOA technology “has not been
easy for our developers,” the architect said.

To ease the transition, the financial institution created a
grass-roots community for its 1,200 developers to share best
practices and connect with the owners of Web services.

In addition, the organization is helping the mainframe and
legacy developers fine-tune their skills while it hires new
developers for the SOA project, the architect added.

The institution plans over the next 18 months to create an SOA
with sufficient security and performance to extend Web services
beyond the firewall, the official said.

ZapThink’s Bloomberg said that developers often find the
cultural changes associated with a move to an SOA more taxing
than the technology associated with the shift.

“To move to SOA requires organizational changes across IT and
even into lines of business,” he said. “Often, the developers
have to work with people they may not have worked with much
before.”

As Cary, N.C.-based Railinc has taken on more SOA projects, the
Association of American Railroads subsidiary has created
training programs for both developers and recipients of the
services to show the benefits of the technology.

Over the past two years, Railinc, which provides supply
Continued on page 14


Steps to make SOA adoption easier:

■ Improve processes. Evaluate the maturity of change
management, resource management and incident management
processes to define best practices.

■ Improve demand and portfolio management. SOA can worsen the
imbalance between demand for and supply of IT services; IT shops
must learn to reject requests based on business information.

■ Clearly define an enterprise architecture. A strong
architecture can help an organization maintain SOA’s promised
agility while adapting to meet changing requirements.

■ Improve business service management. Define and manage key
services provided by IT; measure IT performance in the context
of those services.


Which of the following IT initiatives does your organization
have under way or planned?

[Bar chart: percentage of respondents, on a scale of 0% to 70%,
for four initiatives: Web services-based system; project- or
application-level SOA initiative; department- or regional-level
SOA initiatives; enterprise-level SOA initiative. Legend
includes "Maintenance only" and "Planned for next 24 months."
Base: 268 survey respondents.]

New  Job  Functions  Emerge  With  SOAs 


BUSINESS  ARCHITECT.  Process 
analyst.  SOA  enterprise  architect. 

These  are  the  job  titles  various  or¬ 
ganizations  are  applying  to  an  emerg¬ 
ing  role  being  filled  by  those  well 
versed  in  business  and  technology  to 
oversee  service-oriented  architecture 
projects. 

The  holder  of  the  new  job  will  be 
charged  with  identifying  services  that 
can  be  reused  across  an  enterprise, 
finding  services  in  a  repository,  simulating
scenarios  for  the  processes
to  run  and  determining  metrics  to 
measure  the  effectiveness  of  an 
organization's  processes. 

The  position  will  be  part  of  either 


central  IT  or  a  line  of  business,
depending  on  the  company,  execu¬ 
tives  said. 

Some  IT  managers  interviewed 
last  week  said  they  are  training 
internal  business  analysts  to  take 
on  the  new  role.  However,  several 
also  noted  that  the  job  requires  more 
technical  expertise  than  most  busi¬ 
ness  analysts  have. 

The  chief  architect  of  enterprise 
architecture  at  a  large  U.S.-based 
financial  institution,  who  asked  not  to 
be  named,  said  the  new  role,  called 
business  architect  in  that  organiza¬ 
tion,  is  starting  to  spread  through 
the  institution’s  lines  of  business  as 


they  transform  legacy  applications  to 
services  running  within  an  SOA. 

The  units  are  using  business  archi¬ 
tects  to  perform  in-depth  reviews  of 
processes,  the  architect  said. 

“They  are  modernizing  their  current 
business  processes  and  restructur¬ 
ing  or  re-architecting  the  business 
first,”  the  architect  said.  The  orga¬ 
nization  first  turned  to  outsourcing 
firms  to  take  on  the  role,  but  now  the 
“business  lines  are  cultivating  talent 
that  historically  have  been  business 
analysts.” 

Dennis  Byron,  an  analyst  at  IDC, 
said  he  expects  more  IT  organiza¬ 
tions  to  add  such  a  position,  which 


IDC  calls  a  process  analyst,  to  over¬ 
see  the  creation  of  composite  ap¬ 
plications  from  services  rather  than 
by  coding. 

“We  expect  to  see  a  trend  where 
people  within  sales,  human  resourc¬ 
es  and  manufacturing  departments 
will  become  almost  like  the  develop¬ 
ers,"  he  said.  “They  will  understand 
the  business  process.  They  will  drag 
and  drop  flowchart  stuff  around  and 
automatically  change  the  [process] 
flows  under  the  covers.” 

Bhaskar  Chakrabarti,  principal  IT 
architect  at  JPMorgan  Chase  &  Co. 
in  New  York,  said  he  expects  that  the 
emerging  IT  role,  which  his  company 
calls  an  SOA  enterprise  architect,  will 
team  with  business  architects  and 




process  analysts  to  champion  SOA 
initiatives  and  guide  the  organization 
toward  an  SOA. 

“For  [an  SOA]  to  shape  up,  an 
SOA  champion  is  definitely  needed 
[to]  shepherd  the  entire  forum  of 
SOA  and  try  to  sell  the  benefits  to 
business,  and  bring  together  busi¬ 
ness  and  IT,”  he  said. 

Although  JPMorgan  has  for  the 
past  several  years  built  point-to-point 
Web  services  to  integrate  applica¬ 
tions,  the  company  won’t  begin 
to  build  new  business  processes 
out  of  Web  services  until  next  year, 
Chakrabarti  said.  At  that  time,  he 
added,  the  company  will  be  creating 
the  SOA  enterprise  architect  job  title. 

-  HEATHER  HAVENSTEIN 
Unisys  to  Lay  Off
3,600  After  Loss 

Unisys  Corp.  announced  plans  to 
cut  its  workforce  by  3,600  people 
after  reporting  a  $28  million  first- 
quarter  loss  on  flat  sales.  The 
cutbacks  will  be  spread  among  its 
worldwide  workforce. 


UNISYS  BY  THE  NUMBERS

REVENUE

Q1  ’06:  $1.4B  ($28M)
Q1  ’05:  $1.4B  ($46M)

Microsoft  to  Preview 
New  WSUS  Version 

Microsoft  Corp.  plans  to  offer  its 
users  a  peek  at  the  next  version 
of  its  Windows  Server  Update 
Services  software  at  this  week’s 
Microsoft  Management  Summit 
in  San  Diego.  WSUS  3.0,  a  free 
alternative  to  Microsoft’s  Sys¬ 
tems  Management  Server,  can  be 
used  to  control  the  deployment 
of  Microsoft  patches  and  security 
updates.  The  version  includes  a 
new  interface,  according  to  the 
company. 


Intel  Cites  Slump  in 
PC  Sales  for  Poor  Q1 

Intel  Corp.  reported  a  5%  decline 
in  first-quarter  revenue  and  a 
41%  drop  in  profits,  blaming  a 
slump  in  PC  growth  rates.  Indus¬ 
try  experts  also  cited  increasing 
competition  from  Advanced  Micro 
Devices  Inc. 


INTEL  BY  THE  NUMBERS

REVENUE

Q1  ’06:  $8.9B  $1.3B
Q1  ’05:  $9.4B  $2.2B

BEA,  HP  Unveil
Joint  RFID  Offering 

BEA  Systems  Inc.  and  Hewlett- 
Packard  Co.  have  agreed  to  work 
together  to  create  new  smart-tag 
systems  to  help  businesses 
streamline  their  supply  chain  op¬ 
erations.  The  package  of  products 
and  services  will  include  BEA’s 
WebLogic  RFID  technology  and 
HP’s  RFID  implementation  exper¬ 
tise  and  global  sales  and  support 
network.  The  joint  offering  tar¬ 
gets  manufacturers,  retailers,  and 
distribution  and  transportation 
companies. 


chain  information  to  460  rail¬ 
roads,  has  developed  several 
external  Web  services  for  its 
clients  —  including  one  that 
went  into  production  in  March 
to  allow  railroads  to  report 
rail-car  repairs. 

The  latest  initiative  includes 
various  project  teams  within 
IT  and  the  lines  of  business 
that  are  creating  reusable 
services  for  application  development,
said  Garry  Grandlienard,
Railinc’s  IT  director  of
enterprise  architecture.  The 
project  is  slated  for  completion 
by  year’s  end. 

The  training  sessions  aim  to 
show  developers  and  manag¬ 
ers  the  benefits  of  building  an 
SOA  and  why  they  should  buy 
into  the  concept,  he  said. 

“They  may  have  to  help 
build  something  today,  but 
maybe  later  this  year  they  may 
be  the  recipient  of  the  service,” 
Grandlienard  said.  “We  have 
to  help  them  see  the  bigger 
picture  of  why  this  is  a  good 
thing  to  invest  in.” 

The  state  of  Kentucky  used 
senior  developers  in  its  early 
SOA  projects  and  is  forming 
an  integration  governance 
group  and  a  competency  cen¬ 
ter  to  extend  training  to  more 
of  its  staff. 

The  state  has  built  various 
applications  using  a  service- 
oriented  approach.  Among 
them  is  an  enterprise  system 
that  will  allow  the  state’s  rev¬ 
enue  department  to  streamline 
the  collection  of  delinquent 
taxes  and  a  service  to  allow  the 
U.S.  Department  of  Justice  to 
query  Kentucky’s  sex-offender 
registry. 

Kentucky’s  IT  shop  is  now 
moving  to  tackle  its  newest 
SOA  challenge  —  identifying 
opportunities  to  re-engineer 
business  processes  and  creat¬ 
ing  the  associated  supporting 
infrastructure,  said  Ashiq 
Zaman,  branch  manager  in  the 
Office  of  Application  Develop¬ 
ment  in  the  Commonwealth 
Office  of  Technology. 

The District of Columbia earlier this year went live with an
SOA-based system called CapStat, which uses Web services to help
emergency command centers in Washington and surrounding areas
coordinate responses in the event of a natural disaster or
terrorist attack. The district also has a program called DCStat
that uses Web services to monitor the delivery of municipal
services. It has been expanding that program since the beginning
of the year.

“Some of my junior developers think all I am doing is adding
overhead, and they don’t see the value of the reusability yet.”
DAN THOMAS, DIRECTOR OF THE DCSTAT PROGRAM IN THE DISTRICT OF
COLUMBIA'S OFFICE OF THE CHIEF TECHNOLOGY OFFICER

Despite  those  efforts,  Dan 
Thomas,  director  of  the  DCStat 
program  in  the  district’s  Office 
of  the  Chief  Technology  Of¬ 
ficer,  noted  that  the  city’s  devel¬ 
opers  are  still  “not  the  biggest 
believers”  in  SOA.  “Some  of 
my  junior  developers  think 
all  I  am  doing  is  adding  over¬ 
head,  and  they  don’t  see  the 
value  of  the  reusability  yet,” 
Thomas  said. 

To  address  such  skepticism, 
his  group  developed  a  meta¬ 
data  engine  to  help  track  down 
services  as  they  are  mixed  and 
matched  to  build  new  applica¬ 
tions.  The  engine  associates 
metadata  with  data  to  be  used 
in  a  service  as  it  is  pulled  from 
a  source  system. 

The Final Payoff

Despite the technical and cultural challenges of SOA, the
returns can be substantial, successful users say.

SOA veteran Helvetia Patria Group, an insurance company in
St. Gallen, Switzerland, has seen a 201% return on investment
since launching its SOA six years ago. Helvetia officials said
the SOA project cut IT costs for the company’s Internet-based
businesses by 59%.

Helvetia overcame the “tough exercise” of bringing developers on
board by using a change management program from Hewlett-Packard
Co., said Didier Beck, director of Helvetia’s eBusiness Center.

Beck said the HP tools and services helped developers integrate
15 systems into a centralized SOA platform. “The way we are
working today is really very different because before, there
wasn’t any contact between the different subsidiaries — they had
all their own development processes and tools,” Beck said. “The
consequences and impact were really quite high.”

The new development processes included centralizing change
management and software-release schedules, Beck said. In
addition, the company now provides all new developers with six
to 12 months of training at its eBusiness Center, where it
centrally manages the SOA.

“An SOA implementation is really a journey,” Beck said, “and you
have to invest a lot before you can reach a new agility level.”


n SOA Projects

THE MOVE to service-oriented architectures is requiring
development groups in some companies to forge closer
relationships with IT operations and deployment groups.

For example, American Modern Insurance Group Inc. must bring
together its developers and the team responsible for deploying
applications as it continues an SOA project that will replace
two Unisys ClearPath mainframes and two databases with a single
IBM zSeries mainframe running the DB2 database.

The $62 million project will also replace a core legacy Cobol
application, said Patrick Law, vice president of infrastructure
at the Amelia, Ohio-based insurer.

Law said the two groups must decide together how best to
“package” the services to gain optimum performance and
reliability. In addition, a cooperative effort is needed to
determine which services will run on specific platforms, such as
host servers, application servers and portals. “In the old days,
there was no such concept as needing to worry about packaging,
because everything [was] put on one machine and run,” he said.

T-Mobile International AG is working to ensure cooperation
between IT development and operations groups for an SOA project
set to start in May. The effort is aimed at creating a common
authentication and authorization services layer for a
micropayments application.

Such cooperation between the groups would also ease the process
of executing several similar SOA projects that are slated to
begin over the next two years, said Alastair Wade, principal
consultant at Buffalo, N.Y.-based Computer Task Group Inc.,
which is working with Bonn-based T-Mobile on the project.

Wade said that the relationship between the T-Mobile IT
development and operations groups had to change because the SOA
project will allow applications to run on multiple platforms,
such as a hardware appliance from DataPower Technology Inc. that
helps secure the processing of the messages within the SOA.

“What you have there is a platform in a box - it is not just a
piece of hardware,” Wade said. While IT operations maintains the
system, “the application development department [also] needs to
be involved with this,” he said.

For example, Wade said, developers need to gain knowledge about
networking and components of the network from operations staff.

-  HEATHER  HAVENSTEIN

COMPUTERWORLD  April  24, 2006 


New  Orleans  CIO  Pushes 
Back  Against  Wi-Fi  Law 

Local  telecom  providers  want  to 
enforce  slowdown  of  public  network 


BY  MATT  HAMBLEN 

AFTER  SURVIVING
Hurricane  Katrina 
and  helping  to  coor¬ 
dinate  recovery  ef¬ 
forts  in  New  Orleans  following 
last  year’s  devastating  floods, 
the  city’s  top  IT  manager  is 
now  fighting  to  keep  a  free 
municipal  wireless  network 
functioning  at  high  speeds. 

The  public  Wi-Fi  service, 
set  up  with  $1.2  million  worth 
of  equipment  donated  by  Intel 
Corp.  and  Tropos  Networks 
Inc.,  has  been  “a  lifeline”  for 
New  Orleans,  said  Greg  Meffert,
the  city’s  CIO  and  chief
technology  officer.  He  added 


that  the  network  is  being  used 
by  residents,  businesses,  pub¬ 
lic  safety  officials  and  building 
inspectors,  who  have  vastly  in¬ 
creased  the  number  of  inspec¬ 
tions  they’re  doing. 

The  Wi-Fi  network 
currently  runs  at  speeds 
of  up  to  512Kbit/sec. 
and  can  be  accessed  in 
a  1-square-mile  section 
of  central  New  Orleans. 

The  city  plans  to  ex¬ 
pand  its  coverage  area 
via  a  deal  that’s  being  fi¬ 
nalized  with  EarthLink 
Inc.,  Meffert  said. 

But  vendors  that  offer 
broadband  Internet  ser¬ 


vices  oppose  keeping  the  free 
network’s  performance  levels 
above  128Kbit/sec.  once  the 
state  of  emergency  in  the  city 
is  lifted.  Telecommunications 
lobbyists  point  to  a  2-year-old 
state  law  that  sets  standards 
for  broadband  competition,  in¬ 
cluding  the  128Kbit/sec.  speed 
limit  on  municipal 
networks. 

Meffert  said  slow¬ 
ing  down  the  city’s 
network  would  make  it 
“useless”  for  the  build¬ 
ing  inspectors  and  for 
many  average  users. 
The  push  to  reduce  the 
Wi-Fi  speeds  “is  like 
kicking  a  guy  when 
he’s  down,”  he  said. 
“I’m  not  going  to  do  it.” 


Bills  filed  in  the  Louisiana 
legislature  to  let  New  Orleans 
retain  its  current  performance 
levels  have  failed  thus  far,  but 
others  are  pending,  Meffert 
said.  He  wants  to  take  the 
matter  before  a  judge,  but  city 
attorneys  have  advised  him 
that  any  legal  action  must  be 
brought  by  citizens  claiming 
that  they  would  be  adversely 
affected  by  a  slowdown.  “I 
guess  you  could  call  it  a  po¬ 
tential  fight,  but  I  don’t  know 
where  this  ends,”  he  said. 

Meffert  has  met  with  of¬ 
ficials  from  Cox  Communica¬ 
tions  Inc.,  one  of  the  city’s  two 
local  telecommunications  ser¬ 
vice  providers,  and  he  said  he 
thinks  “they  realize  we’re  not 
competing  with  them.” 

But  Cox  spokeswoman 
Stephanie  Davis  said  the 
Atlanta-based  company  still 
backs  the  Louisiana  law  that 
limits  the  throughput  of  mu¬ 
nicipal  networks.  “Nothing’s 
changed,”  Davis  said. 


BellSouth  Corp.,  the  other 
local  telecommunications  car¬ 
rier,  sent  a  letter  to  Meffert  two 
weeks  ago  saying  that  it  “is  not 
trying  to  shut  down”  the  city’s 
Wi-Fi  network  but  wants  it  to 
comply  with  the  current  law. 
Merlin  Villar,  regional  director 
of  BellSouth’s  New  Orleans  op¬ 
erations,  confirmed  last  week 
that  the  letter  represents  Bell¬ 
South’s  position  on  the  issue. 

Even  though  New  Orleans 
Mayor  Ray  Nagin  previously 
worked  as  general  manager 
of  Cox’s  local  operations,  he 
has  supported  the  attempts  to 
preserve  the  existing  Wi-Fi 
speeds,  according  to  Meffert. 

Meffert  said  he  would  back 
any  residents  who  fight  in 
court  for  the  higher  Wi-Fi 
speeds,  even  if  he  loses  his 
CIO  job.  (Nagin,  who  appoint¬ 
ed  him,  was  seeking  a  new 
term  as  mayor  in  an  initial 
election  held  on  Saturday.)  “If 
I  have  to  go  to  jail  over  this,  I 
will,”  Meffert  said.  ► 
New Hampshire Says FBI Probe Shows No Sign of Data Breach


IT  staffer  cleared 
to  return  to  work 


BY  TODD  R.  WEISS 

FBI computer forensics analysts have concluded that a suspect password-recovery program found on a New Hampshire government server in February was never activated, leading state officials to say that they don’t think any credit or debit card data was stolen from the system.

In addition, a state IT worker who was placed on paid leave while the potential security breach was being investigated has now been cleared to return to work. Douglas Oliver, a Web middleware engineer in the state’s Office of Information Technology, said last week that he had received a letter from OIT officials telling him he could start working again on April 25.

Oliver, who in March had identified himself as the unnamed worker put on leave, declined to comment last week about the contents of the reinstatement letter he received. But he said he does plan to go back to work this week.

New Hampshire Attorney General Kelly Ayotte announced the results of the FBI’s computer forensics probe on April 14. “As a result of this finding, the state has concluded that it is very unlikely that any credit card or debit card information was accessed by identity thieves,” Ayotte said in a statement.

A Wide Investigation

The FBI, the U.S. Department of Justice and New Hampshire officials began investigating the potential security breach after Cain & Abel, a password recovery program that can be misused by malicious hackers, was found on the state server during a routine security check.

The New Hampshire Division of Motor Vehicles and the state’s Veterans Home were using the server to transmit financial information, and the New Hampshire Liquor Commission used it as a backup for sales transactions. The server held credit and debit card numbers, but no other personal information was stored on it, according to state officials.

Oliver said last month that as a member of an OIT security audit team, he installed and used a collection of software tools, including Cain & Abel, in order to test the ability of the state’s IT security to withstand real-world intrusions. The work was done with the knowledge and endorsement of OIT managers, Oliver said.

New Hampshire CIO Richard C. Bailey Jr. declined to comment on Oliver’s reinstatement last week. “We don’t go into the individual status of employees,” Bailey said.

Pamela Walsh, a spokeswoman for New Hampshire Gov. John Lynch, said that the FBI’s investigation into the installation of Cain & Abel on the server is ongoing.


DOCUMENTATION  NEEDED 

Our Take: The situation in New Hampshire shows that everything done on production servers should be documented, Frank Hayes says. Page 56


Oracle  Releases  Patches,  Password  Tool 

ORACLE CORP. last week released 14 software patches that address security vulnerabilities in its databases, application server software and other products. As part of the quarterly software update, it also released a tool designed to ferret out commonly used default passwords that could be misused by hackers.

Earlier versions of Oracle databases included well-known default passwords and usernames, said Darius Wiles, manager of security alerts at Oracle. Those accounts have been locked down in current releases, but they may present a problem to users who still rely on older databases or have upgraded from an older version that included the default passwords, he added.

Oracle10g databases that have been upgraded from Oracle7, Oracle8i or Oracle9i may include the default accounts, according to a note made available last week to subscribers to the vendor’s MetaLink support service.

The password scanner is a SQL script that scans a database and then prints out the names of the default accounts if they’re unlocked, according to Wiles. “This tool is designed to catch those instances and then explain to customers the right thing to do to secure their systems,” he said.

Several of the bugs that Oracle is patching as part of the quarterly update could be easily exploited in a widespread manner, according to the software vendor.

Of particular interest is a fix for a previously disclosed vulnerability in the PL/SQL gateway software used to integrate Oracle’s database with Web-based applications.

Security researcher David Litchfield published a fix for that problem in January, but Oracle had warned users that it could break a number of other Oracle products.

There are still a large number of unpatched bugs in Oracle products, claimed Cesar Cerrudo, CEO of Argeniss, a security research firm in Buenos Aires. “We have more than 50 unpatched vulnerabilities on Oracle’s database server,” he said. “The oldest unfixed vulnerability we have reported to Oracle is from February 2005. That’s a long time to patch a bug.”

-Robert McMillan, IDG NEWS SERVICE
Fujitsu PRIMEQUEST™ Servers with Intel® Itanium® 2 Processors

Mainframe Reliability ♦ Sized for the Mainstream


For  decades,  CIOs  have  trusted 
Fujitsu  mainframes  to  run  their  mission- 
critical  applications.  Now  you  can 
get  the  same  robust  engineering  and 
innovative  design  with  the  highly  reliable, 
high  performance  Fujitsu  PRIMEQUEST 
servers  featuring  Intel®  Itanium®  2  Processors. 
Designed  for  Microsoft®  Windows®  and  Linux® 
environments  to  run  mission-critical 


System  Mirror 

PRIMEQUEST  servers  offer  the  ability 
to  run  memory  and  crossbars  as 
mirrored  pairs.  This  option,  enabled  via 
the  Dual  Synchronous  Architecture  in 
PRIMEQUEST  servers,  provides  fault 
immunity  for  the  hosted  operating 
system  and  applications.  The  use  of 
System  Mirror  transparently  guards 
against  hardware  errors  that  could 
otherwise  cause  a  system  panic. 


applications,  PRIMEQUEST  servers 
harness  the  power  and  performance 
of  up  to  32  Intel®  Itanium®  2  Processors, 
to  easily  accommodate  your  largest 
applications. They are designed with integrated
networking  and  management  features  for 
simplicity  and  offer  flexible  I/O  and  partitioning 
that  enhances  your  agility  to  respond  to 
dynamic  business  requirements. 


To  learn  more  about  how  Fujitsu  PRIMEQUEST  servers  bring  mainframe  reliability  to  mainstream  environments, 
visit us.fujitsu.com/computers/PRIMEQUEST or call 1-800-831-3183.
THERE IS AN ALTERNATIVE

Your global IP carrier should set you free, not hold you down. It should be nimble and flexible enough to deliver innovative IP solutions and superior support yet expansive enough to offer the global scope and scale your business requires. Enter Global Crossing. Our wholly-owned global IP network connects you virtually anywhere instantly. It works effortlessly with your current legacy system and with IP services yet to be envisioned. All with the security, support and control you'd expect from an industry leader. It's no wonder so many FORTUNE 500® companies depend on us. Learn more at www.globalcrossing.com
Cisco Plans to Expand Saudi Arabian Presence

RIYADH, SAUDI ARABIA

CISCO SYSTEMS INC. last week disclosed plans to spend $265 million (U.S.) over the next five years in Saudi Arabia. The plan includes adding about 530 employees, opening a technology and entrepreneurial demonstration center, and donating networking equipment and training services for use in poor areas of the country.

Cisco President and CEO John Chambers, who announced the investment plans during a visit to Saudi Arabia, said that the networking vendor is increasing its operations there because of the country’s increasing role in the global economy.

Chambers said Cisco plans to increase its Saudi workforce from about 70 people to 600 and set up 100 additional networking training centers, where its personnel will work with local universities to provide technical programs.

The company currently has 42 training centers in Saudi Arabia.

Cisco also plans to provide incubation space for Saudi start-up companies and R&D operations, plus equipment, training and support services for Internet connections to 2,000 homes in underprivileged areas, according to Chambers.

■ GRANT GROSS, IDG NEWS SERVICE


Nokia Expands Mobile Research Lab in China

SICHUAN, CHINA

NOKIA CORP. last week announced that it is expanding an R&D center in Chengdu, China, so the facility can work on a wider range of mobile network infrastructure products.

Nokia opened the center in Chengdu, the capital of Sichuan province, a year ago to develop IP-based multimedia communications applications. That work will be increased, and capabilities for developing products such as carrier-grade middleware, intelligent packet subsystems and network gateways that support the Wireless Application Protocol will be added as part of the expansion plan.

Espoo, Finland-based Nokia said it expects the expansion of the Chengdu facility to contribute to its global sales efforts and help it respond more quickly to the needs of customers in China.

■ NANCY GOHRING, IDG NEWS SERVICE


IT Outsourcing Boom Benefits Indian Firms

BANGALORE, INDIA

TATA CONSULTANCY Services Ltd., Infosys Technologies Ltd. and Wipro Ltd. all credited continued growth in the Indian outsourcing business for significantly improved financial results during the fiscal year that ended March 31.

Tata, India’s largest outsourcing vendor, posted a 36% year-over-year increase in annual revenue to 132.5 billion rupees ($2.94 billion U.S.) and a 41% increase in profits to 29.6 billion rupees ($659 million). Infosys and Wipro reported full-year revenue growth of 35% and 30%, respectively.

The New Delhi-based National Association of Software and Service Companies is estimating that India’s total software and services exports grew 32% to 1.1 trillion rupees ($23.4 billion) over the past 12 months.

■ JOHN RIBEIRO, IDG NEWS SERVICE


Compiled  by  Mike  Bucken. 


Briefly  Noted 

Hewlett-Packard Co. has opened an intellectual property licensing center in Singapore in an effort to generate additional revenue by licensing its patents and technologies to companies in India and northern Asia as well as Singapore, HP said.

■ STEVEN SCHWANKERT, IDG NEWS SERVICE

Amdocs Ltd., a maker of billing software and other applications for telecommunications carriers, last week said it will buy Qpass Inc. in Seattle for $275 million. Qpass develops software designed to help network operators manage and deliver digital content. Amdocs is based in the British Channel Islands town of St. Peter Port and has its principal operations in Israel.

■ JEREMY KIRK, IDG NEWS SERVICE

Taiwan residents who fail to recycle mobile phones or optical discs, including CDs and DVDs, face fines of up to $6,000 New Taiwan dollars ($184 U.S.) under a law that went into effect last week. An official at Taiwan’s Environmental Protection Administration said the idea to fine violators was hatched after a trial run of residential recycling in three major cities.

■ DAN NYSTEDT, IDG NEWS SERVICE
Number of cellular connections in the Asia-Pacific region (including Japan) in last year’s third quarter, up 5% from the Q2 level.
SOURCE: GARTNER INC.


IT Union Head Opposes H-1B Increase, Seeks Aid for Workers Hit by Offshoring

BY PATRICK THIBODEAU

Labor unions don’t have much of a presence in the high-tech industry. Marcus Courtney, president of the Seattle-based Washington Alliance of Technology Workers, or WashTech, said that hurts white-collar IT workers in the U.S., who are losing jobs to offshore outsourcing. In an interview with Computerworld, Courtney talked about issues affecting IT employees, including outsourcing and the ongoing debate in Congress over immigration and the H-1B visa cap.

Do you think that Congress will increase the number of visas available to foreigners under the H-1B program? If an immigration reform [bill] is to pass Congress, my expectation is they will most likely have some kind of provision in that bill to expand the H-1B visa cap. That is not the bill to be addressing the issue. The H-1B program is not about immigration; it’s a guest-worker program.

Why are you opposed to increasing the H-1B cap on visas? The H-1B visa is a specialty visa designed to fill spot market labor shortages for employers [looking for] very niche skills in the computer industry. When you look at the demand for high-tech workers in the country, there are more workers seeking jobs than jobs available. The [current cap of] 65,000 should be adequate to fill spot labor shortages.

What will happen to displaced technology workers if the cap is raised? It increases the competition [among] those workers for any jobs that are available in the market. It drives down wages.

How much of a threat is offshore outsourcing to U.S. technology workers? The real threat to employment security is the companies that are relentlessly trying to increase their profits and boost their bottom lines at the expense of American jobs. Our frustration is that employers never have to show any evidence that they really can’t find [U.S.] employees. When you actually look at the employment figures in the industry, it’s hard to imagine that there is a serious crisis facing high-tech employers.

What’s the state of union activism among high-tech workers today? The level of engagement peaked at the 2004 election. With this [immigration] debate, we’re seeing an awakening among tech workers about the value and need of representation.

What do you think can be done to help workers who have lost jobs to offshore outsourcing? One thing we are trying to do is get legislation passed around Trade Adjustment Assistance. This has been a big issue for white-collar workers. If they lose their jobs to offshore outsourcing, the government has said that if they don’t make goods or material, they could not get access [to] TAA, which will give them benefits for retraining, health care, re-employment and moving expenses.

Why don’t technical workers get the same access to the benefits as manufacturing workers? When [Congress] passed the Trade Adjustment Assistance act, it only believed that manufacturing workers would ever be impacted. Manufacturing workers are more organized. It’s not a coincidence that a heavily unionized industry such as manufacturing was able to get government programs for workers. Technology workers are just beginning to get organized.
on May 9th.

“Change Artists” explores the dynamic pairing of strategy and technology.

We invite you to join the conversation.

CEOs and CIOs who create opportunity are change artists. “Change Artists” is a live Web series that explores how they do it.

On May 9th at 11:00 a.m. EST, we will feature CEO Fred Smith and CIO Rob Carter of FedEx.

FedEx Corporation is a $31 billion global transportation and logistics company. More than 260,000 employees and independent contractors worldwide handle more than 6 million shipments each business day. CEO Smith and CIO Carter will explain how they’re staying ahead of potential issues with those 6 million shipments.

They’ll also answer your questions live.

But “Change Artists” goes beyond the CEO/CIO conversation. It’s a program designed to help you manage—and master—change.

Log on to hp.com/go/changeartists. You’ll find practical ideas from CIO magazine. Interactive tools that reveal areas of change in your company, designed by HP. As well as revealing case studies on Fortune 500 companies.

And, of course, you’ll get the latest thinking on key issues raised during the “Change Artists” program. For example, IT consolidation.

Consolidation is undergoing dramatic change. It’s not just about cost savings, it’s about increasing business value.

The “Change Artists” website currently provides a detailed overview of IT consolidation, and reviews the key elements of a consolidation program.

You’ll learn about companies that have moved from IT as a cost center to IT as a driver of business value.

“Change Artists” taps into executive insight, industry analysis, and the unique perspective of global business and technology leaders. The goal: to help inspire your own transformation journey.

Everyone talks about change. “Change Artists” will make you a leader in that conversation.

Get started at hp.com/go/changeartists
DON TENNANT

Waiting by the Phone

AT FIRST, I thought Larry Ellison was just being a jerk. I assumed that Oracle’s flamboyant CEO was elbowing his way into the spotlight again by dropping the kind of bombshell he just loves to drop to draw attention to himself.

It seemed that every news outlet I went to early last week was jumping all over a story in Monday’s edition of London’s Financial Times that was based on an interview with Ellison. “Oracle Chief Opens Door to Buying Novell,” trumpeted the headline of a Boston Globe article that cited the Financial Times story. “Oracle Looks at Buying Novell,” a Slashdot headline proclaimed. “Oracle Contemplates Acquiring Novell,” Softpedia echoed.

Having interviewed Ellison myself several times over the years, I didn’t find it a bit surprising that he would say something like that just to bask in the buzz it would create. But then I read the original Financial Times article, and I realized it wasn’t Ellison being Ellison after all. It was we in the media who were the jerks.

Buried way down in the 1,410-word story was a reference to Oracle’s widely reported interest in buying JBoss, which was recently acquired by Red Hat. Ellison noted that there would have been a risk in Oracle acquiring JBoss or Red Hat because of the inherent lack of control that open-source companies have over their intellectual property. In that context, the Financial Times author wrote, “Oracle looked at buying Novell, owner of SUSE, Europe’s biggest Linux company, but would have faced the same risk, [Ellison] adds.”

That’s it. That’s what all the fuss was about. A condensed version of the article by the same author made an equally innocuous reference to Novell: “As part of a recent study of the open-source software market, Mr. Ellison said that Oracle had considered buying Novell, which after Red Hat is the biggest distributor of Linux.”

It’s mind-boggling that those statements would come as a surprise to anyone. Companies like Oracle consider such acquisitions all the time. I would be absolutely shocked if anyone at Oracle, IBM, Sun, Hewlett-Packard, CA or even Microsoft could honestly and knowledgeably say that their company hadn’t considered an acquisition of Novell.

Even more mind-boggling is how so many news outlets managed to extrapolate from those comments that Oracle is actively considering a Novell buyout. (Computerworld.com on Monday posted a Reuters story that made it clear it was in the past that Ellison had looked at acquiring Novell.) And once the buzz started, there was no stopping it. That turned out to be a very good thing for Novell, which saw its stock rise 2.3% on Monday.

The fact is, somebody needs to acquire Novell. As it stands, Novell is losing customers hand over fist to Microsoft. It’s been largely unsuccessful in capitalizing on the brilliant NetWare-to-Linux migration strategy it adopted three years ago. And it remains wholly incapable of getting its perennially pathetic marketing act together.

Under the tired leadership of 65-year-old CEO Jack Messman, Novell doesn’t appear to be doing much more than sitting around, waiting for the phone to ring. I used to wonder why Novell’s board hasn’t given Messman a gold watch and a handshake, until I realized that the average age of the 10 board members is 64.5. I guess 70-year-old board member James D. Robinson III sees Messman as downright dynamic.

At least Ellison, at 62, leads his company with vitality and exuberance. That sort of thing will eventually echo through the halls of Novell. But it’ll be coming from the other end of the phone.


VIRGINIA ROBBINS

Maximizing A Retention Bonus

THE BACK of my new boss’s black leather chair faced me as I bounded into his office; a crown of brown hair was all that was visible. My old boss had retired a month earlier, wanting no part of the project to outsource our IT department.

I was young (this was almost two decades ago) and eager to make a positive impression on my new supervisor. I had the project costs that he had requested, and I had worked through lunch to make sure that the report represented my best work. As I approached his desk, I thought I heard snoring. I cleared my throat and his head bobbled. He was asleep. My new boss, friend and golfing partner of the chairman, would spend many an afternoon comfortably napping while I wrote his memos, completed his budgets and prepared his board reports. Forty-eight hours after cashing my retention bonus, I quit.

This week, a former employee called to ask how she could maximize her retention bonus. She had accepted another job, but her boss didn’t want her to go, even though she had completed her work. She was frustrated and angry. Earning one’s bonus in these situations takes a lot of patience.

IT veteran Sam Greene wrote me recently about ways to retain your sanity and maximize your paycheck when the department is being decimated around you — good advice for these situations. To paraphrase Sam:

1. Never be confrontational with management. Your supervisor has discretion as to who stays, who goes and who gets paid what. Don’t give him a reason to fire you before you get paid.

2. Identify manipulation and then carefully choose how to respond to it. When you’re in a sea of dysfunction, you can decide when and where you’ll go swimming. Stay in the boat, out of the water, whenever you can.

3. Work carefully to stay off the boss’s radar. Keep your head down and get your job done. I usually recommend doing your best work, but in these cases, doing merely good work — no more than what’s requested — can result in higher severance bonuses. Doing your job too well may result in a job offer without any severance or bonus payments.

4. Keep a professional distance from those who are not handling the stress well. During periods of high stress, sometimes people try to manage by swapping “Can you believe” stories that focus on how bad everyone and everything is. Listen if you have to, but don’t contribute.

5. Understand what you can influence, and learn to identify and accept what you can’t control. I know — it’s easier said than done.

6. Keep your résumé updated and always network for possible job opportunities.

7. Find a trusted mentor outside the company. To keep your emotional balance, find someone you trust who will provide you with an honest assessment of your situation and your behavior.

8. Continue to be honest and open with your employees. This will help you understand what’s going on and may help you plan for future disruptions as these employees leave.

9. Finally, understand the difference between thriving and surviving. Surviving requires a different approach, one that is quieter and more self-absorbed than I usually advocate. However, in a dysfunctional situation, your most important job is to take care of yourself, stay centered and be prepared for the next opportunity.


BRUCE  A.  STEWART 

Innovation 
And  What’s 
‘Normal’ 

An  increasing  number 
of  companies  are  be¬ 
ing  commanded  to  be 
innovative  by  CEOs.  Not 

surprisingly,  being  commanded  to 
be  innovative  isn’t  working  very  well. 
CIOs,  in  turn,  are  being  asked  to  si¬ 
multaneously  rationalize  more  of  the 
company’s  processes  and  be  innova¬ 
tive.  Again,  not  surprisingly,  only  one 


of  these  is  going  well:  the 
process  rationalization. 

Let’s  face  a  few  facts.  Al¬ 
most  all  of  the  work  of  an  IT 
organization  is  highly  struc¬ 
tured,  disciplined  and  driv¬ 
en  by  well-controlled  proc¬ 
esses.  IT  organizations  are 
put  together  around  control 
points  such  as  project  offices. 

We  measure  performance 
and  manage  with  the  goal  of 
improving  that  performance, 
and  we  are  slowly  but  surely 
architecting  a  well-designed, 
comprehensive  systems 
base.  This  is  what  we  in  IT 
do,  and  do  well. 

And  none  of  it  leads  read¬ 
ily  to  innovation. 

Charles  Handy,  a  British  manage¬ 
ment  theorist,  has  talked  about  four 
kinds  of  organizational  units.  There’s 
the  unit  that’s  built  around  networking 
to  get  deals  done  —  lots  of  quick  con¬ 
versations,  calls  and  e-mails.  There’s 
the  unit  that’s  built  around  processes 
—  that’s  all  about  controls.  There’s  the 
unit  that’s  built  around  projects.  Final¬ 
ly,  there’s  the  unit  that’s  built  around 
individual  contributors,  each  of  whom 
is  valued  for  his  unique  skills. 

Handy  went  on  to  say  that  this  model 
extends  down  to  individuals  and  up 


even  to  national  cultures. 

In other words, each of us has a personal style. It’s typically composed of a dominant and a secondary style — in other words, we can flex and “fit in” to some extent. But we’re most at home in our dominant style, and we’re most likely to stay in an organization whose style matches our dominant one. (Fifty years of separation between the infrastructure staff and the development staff actually has its roots in this matter of self-selection by style.)

For innovation, you need the individual contributors and the networkers. Ideally, you’d have a group of people, some of whom are dominantly individual contributors and secondarily networkers, and the rest of whom are the reverse. But IT organizations are built on the building blocks of processes and projects. No wonder innovation is difficult, if the very people you need aren’t around and the values of the organization are stacked against them being there.

Can we innovate with what we’ve got? Up to a point, the answer is yes. But we have to look past departments to do it, and look at individuals. We could draw upon an individual contributor/project person (likely an architect), a networker/project or networker/process person (likely a business analyst or relationship manager), and maybe even an individual contributor/process person (likely the hero who keeps the place together at 3:00 in the morning).

We also have to recognize some other truths. Innovation isn’t a project — it’s a process. We have to network extensively with potential innovators — multiple leaders will emerge — to try to assess their performance and direct their efforts. We have to look at the track record of those innovators over time, since many of their innovations will go nowhere or be abandoned. Thinking like a venture capitalist — looking for the one win in 10 — is a good approach here.

Finally, we have to protect the innovators: They will make enemies throughout the rest of the IT organization, regardless of their successes or failures. After all, innovators just don’t “fit in” with the rest of us. That’s why they’re so hard to find.
Looking for Soft Skills in MBA Programs

Many people focus on the technical aspects and course content of MBA programs, but I rarely hear communication mentioned [“What’s an MBA Good for - Really?” March 6].

One of the key benefits of a good MBA program is the interaction of people from many backgrounds, all learning to communicate with one another.

The inability to communicate with someone outside of your specialty is rampant. When I went through my MBA program, I was a typical engineer who thought very linearly and expressed myself in terms that other engineers could understand.

I was paired with a philosophy major. Imagine his angst trying to listen to me. And I could barely understand anything he said. It took weeks of arguing and frustration before we began to understand each other. But when it was over, we had developed the tolerance, patience and language skills needed to produce a product far superior to what either of us could have done alone. We gained an appreciation for what each of us could bring to the table. Those are lessons that transcend the actual course content.

I hope every student uses available opportunities to develop the skills that are most important in the long run. If the goal is a high-level position, the ability to work with many diverse styles and skills will help immensely.

George Ludden
Network manager,
Richmond, Va.


My undergraduate degree is in science. Yearning for a better understanding of the business side, I entered a full-time MBA program in 2004. I was sorely disappointed at what was being taught, particularly in the human resources management class. With an emphasis on how to keep your company from being sued and meaningless statistics, the class glossed over how to identify different personality traits or, better yet, how to effectively communicate or motivate people with different personalities.

Although I am grateful I learned as much about business in general as I did, I am disappointed that more emphasis was not placed on how to manage people. This is one reason why I think there are so many horrible managers. Hopefully, more criticism and articles like Paul Glen’s will change the programs across the nation.

Sheri Vdronneau
Oklahoma City


U.S. Shouldn’t Be The World’s Censor

Don Tennant really hit the nail on the head in his editorial “The Censorship Call” [Feb. 27]. It is not America’s place to tell other governments what level of censorship should exist. Europeans think we Americans are very prudish in our attitude toward nudity on television and in newspapers. Each country has the right to set its own standards.

Mike Mullane
Consulting manager,
Hartford, Conn.

COMPUTERWORLD welcomes comments from its readers. Letters will be edited for brevity and clarity. They should be addressed to Jamie Eckle, letters editor, Computerworld, PO Box 9171, 1 Speen Street, Framingham, Mass. 01701. Fax: (508) 879-4843. E-mail: letters@computerworld.com. Include an address and phone number for immediate verification.

For more letters on these and other topics, go to www.computerworld.com/letters
former CEO and onetime
services at Meta Group
tive adviser in Vancouver, British Columbia. He can be contacted at brace@bastewart.com.
SECURITY MANAGER’S JOURNAL

These  Rules  Will  Keep 
Users  in  Their  Place 

Mathias  Thurman  is  counting  on  the  rule 
of  least  privilege  and  separation  of  duties 
to  keep  users  out  of  places  in  the  network 
where  they  don’t  belong.  PAGE  36 


QUICKSTUDY 

Virtual  Machines 

Each of these self-contained operating environments behaves as if it were a separate computer. This makes it possible to use computing resources more efficiently and isolate applications to improve security and prevent cross-corruption. PAGE 38


OPINION 

Factory  Settings  - 
Insecure  by  Default 

Douglas Schweitzer says the default security settings on wireless routers provided by telecommunications vendors may be insufficient. PAGE 39


Millions  of  lines  of 
mainframe  code  need 
to  be  modernized. 
How  to  do  that  —  and 
what  to  keep  on  the 
mainframe  —  is  the 
trillion-dollar  question. 
By  Robert  L.  Mitchell 


BY SOME estimates, the total value of the applications residing on mainframes today exceeds $1 trillion. Most of that code was written over the past 40 years in Cobol, with some assembler, PL/1 and 4GL thrown into the mix. Unfortunately, those programs don’t play well with today’s distributed systems, and the amount of legacy code at companies such as Sabre Holdings Corp. in Southlake, Texas, makes a


rewrite  a  huge  undertaking. 

“We’re bound by our software and its lack of portability,” Sabre Vice President Alan Walker says of the 40,000 programs still running on IBM Transaction Processing Facility (TPF), Agilent Modular Power System and other mainframe systems.

With a shortage of Cobol programming talent looming in the next decade (see story at right) and a clear need for greater software agility and lower operating costs, IT organizations have begun to make transition plans for mainframe applications. The trick lies in figuring out which applications to modernize, how to do it and where they should reside.

Applications fall into one of three groups based on scale, says Dale Vecchio, an analyst at Gartner Inc. Applications under 500 MIPS are migrating to distributed systems. “These guys, they want off,” Vecchio says. As organizations begin peeling away smaller applications, they may move to a packaged application; port the application to Unix, Linux or Windows; or, in some cases, rewrite the applications to run in a .Net or Java environment, he says.

In the 1,000-MIPS-and-up arena, the mainframe is still the preferred platform. Applications between 500 and 1,000 MIPS fall into a gray area where the best alternative is less clear. An increasingly common strategy for these applications is to leave the Cobol in place while using a service-oriented architecture (SOA) to expose key interfaces that insulate developers from the code.

“If you expose those applications as a Web service, it’s irrelevant what that application was written in,” says Ian Archbell, vice president of product management at tool vendor Micro Focus International PLC in Rockville, Md. “SOA is just a set of interfaces, an abstraction.”

Colleges aren’t cranking out Cobol programmers anymore, and skills availability is one of the top three concerns in mainframe shops, says Dale Vecchio, an analyst at Gartner.

Some organizations say they are already having trouble hiring Cobol programmers. “It’s difficult to find people to support it,” says Bob DiAngelo, vice president and CIO at MIB Group. That’s one reason why his company is migrating to a new application architecture built around Java and WebSphere.

Meanwhile, the ranks of experienced programmers are also thinning. “Many Cobol developers are entering retirement now ... so it’s challenging around staffing,” says Edward Mulligan, executive vice president of the technology services division at The Bank of New York.

But Gary Barnett, an analyst at Ovum, says IT needn’t panic. “There is no skills crisis,” he argues. While there is a shortage of highly trained mainframe programmers, many existing Cobol applications are very stable and don’t require much maintenance. Plus, tools are evolving to allow a single developer to maintain more of the code than was possible just a few years ago. Ovum predicts that the amount of Cobol code in use will grow 3% to 5% annually through 2010, but that mostly involves maintenance work, Barnett says. Most new projects are moving to more modern application architectures.

Organizations that can’t find local talent can also outsource. “India provides a very elastic supply of Cobol developers,” Barnett says, and others can be cross-trained. “Once you have a proficient programmer, training them on Cobol is not an arduous process.”

It’s true that the ranks of legacy programmers are declining, but, says Barnett, “I don’t see it as a major concern for the foreseeable future.”

- ROBERT L. MITCHELL

“SOA at least allows you to break the dependency bonds,” says Ron Schmelzer, an analyst at ZapThink LLC in Waltham, Mass.

Cobol isn’t going away, but it’s also not moving forward. While the Cobol code base on mainframes is projected to increase by 3% to 5% a year, that’s mostly a byproduct of maintenance, says Gary Barnett, an analyst at Ovum Ltd. in London. “No one is learning [Cobol] in school anymore, and new applications aren’t being built in Cobol anymore,” says Schmelzer. “Cobol is like Latin.”

Vendors such as Micro Focus have abandoned the idea of evolving the Cobol language for distributed application development. “Micro Focus is not about a better Cobol compiler,” says Archbell. Instead, its approach is to “embrace and extend,” he says. “We expose things like aggregated CICS transactions as JavaBeans, Web services, or .Net or C# code. It’s wrappering.”

But with so much legacy code, that process won’t take place overnight. “It could take 20 years,” Archbell says.

Sabre still has more than 10,000 MIPS of applications on mainframes, and Walker plans to migrate everything off over the next few years.

The company’s TPF-based fare-searching application, used by Travelocity.com LP and travel agents, has been rewritten to run as a 64-bit Linux program on four-way Opteron servers.

Sabre migrated the back-end data to 45 servers running MySQL that each contain fully replicated data. The new system is more flexible and “pretty cheap” compared with the mainframe, Walker says. He questions the conventional wisdom that all high-end applications need to stay on mainframes, noting that the search application was in the thousands of MIPS. “It’s pretty obvious that you don’t need mainframes to do large-scale transactions,” he says, pointing to the successes of eBay Inc. and Amazon.com Inc.

Barnett points out that very few of his clients have been successful at completely rewriting large-scale applications.

In Sabre’s case, it’s worth noting that the application was CPU- and memory-intensive and that competitive pressures would have forced a rewrite anyway. “We solved a larger problem,” which was the need to generate hundreds of results instead of the 10 to 20 the TPF system could deliver per search, Walker says.

Simply rewriting millions of lines of code to deliver the same features not only wouldn’t cut it financially at The Bank of New York Co., but also would require a lifetime of work, says Edward Mulligan, executive vice president of the technology services division.

A gradual transition to packaged applications might help such businesses, says Ovum’s Barnett. “Eighty percent of core business processes in banks are the same. In 10 years, it will make little sense to have your own, unique homegrown savings program,” he says.

Mulligan has been migrating some smaller applications, freeing up expensive mainframe capacity. The big reason: cost. When the vendor of his problem management software refused to bring licensing in line with equivalent packages in the Windows arena, he migrated to a cheaper Windows version. The total operating costs of running applications on the mainframe can be “easily” 10 times that of a Unix or Windows architecture, says Sabre’s Walker.

While IBM has begun offering subcapacity, usage-based pricing, few third-party vendors of mainframe software have followed suit. “Vendors who don’t embrace flexible pricing are accelerating the decline in their business,” says Barnett.

At Sabre, Walker plans to continue to migrate off the mainframe, which he says is simply too expensive.

It’s really just a big server. You can run anything on it.
BOB DiANGELO, VICE PRESIDENT AND CIO, MIB GROUP INC.


In-Place  Upgrade 

Bob DiAngelo, vice president and CIO at MIB Group Inc., is already facing that challenge. His company relies on an I/O-intensive application used to detect insurance fraud for more than 500 insurers in North America. DiAngelo says it was impossible to hire anyone to support MIB Group’s IBM mainframe applications, originally written in 1969 in assembler with a back-end VSAM database.

So a few years ago, he received approval to re-engineer the system. The IT team is developing the new system in Java based on a three-tiered architecture using WebSphere MQSeries and DB2. But the new system, now halfway complete, doesn’t run on Unix or Windows hardware. It, along with the systems still in production and the development and quality assurance testing environments, all run within a single logical partition on a 210 MIPS uniprocessor IBM zSeries 880 with a z/OS Application Assist Processor (zAAP) that handles the Java workload.

[Chart: Growth Inhibitors. Data center managers cited software costs as the largest inhibitor to increasing their use of mainframes. Categories: hardware costs, IBM software costs, third-party software costs. Base: 100 data center conference attendees.]

The new Java code runs on a zAAP. Keeping the applications off the mainframe processor keeps CPU-based licensing for third-party applications from rising while boosting the total system capacity to 366 MIPS. But DiAngelo doesn’t have a lot of third-party software to worry about. He says declining mainframe operating costs have allowed the company to grow from an 80 MIPS system to the 210 MIPS box plus the zAAP processor while total costs remained “relatively stable.”

Walker isn’t convinced. “We could run Java code in a z9, but it would make it the world’s most expensive Java CPU,” he says.

Barnett agrees — partially. “If you have Java or workloads that need high-speed access to mainframe data, running it on a mainframe partition is a viable choice,” he says. “But ... for generic Linux or Java workloads, it still isn’t an obvious consolidation platform.”

IBM is hoping that others will follow MIB Group’s example. “IBM is pushing one box, multiple architectures,” says Gartner’s Vecchio.

Guru Rao, an IBM fellow and chief engineer for eServer, says consolidating a three-tiered architecture on the mainframe when data resides there makes sense because communications between the front and back end don’t have to go over a latency-prone TCP/IP network. On the mainframe, he says, “you can communicate with each of these spaces using instructions as opposed to TCP traffic.”

DiAngelo acknowledges that rewriting applications isn’t always practical. “Doing a rip-and-replace is a big thing,” he says of the five-year project. “There are things you can’t afford to re-engineer, and they will probably always sit in the place where they were developed.”

[Chart: Plans for Cobol Apps. Which of the following best describes your company’s strategy for its mainframe Cobol applications? Surviving values: Don’t know: 5%; Move all Cobol applications to Windows/Intel or Unix: 11%. Base: 158 nongovernment IT decision-makers.]

The transition also requires more horsepower for an application that consumes up to 300 I/Os per transaction and up to 130,000 transactions per day. “Java requires more CPU power than assembler, [and] as you move from proprietary VSAM to a generated database system, you lose efficiencies. With WebSphere, MQSeries and DB2, you have to crank the dial up,” DiAngelo says.

Another question is whether that strategy will scale for applications beyond a few hundred MIPS in size, says Vecchio. On the high end, IT must move to SOA because there are no other options, he says. “The hope for mainframe customers is that WebSphere and Java can perform with the same quality of service that they have come to expect from CICS, IMS and Cobol,” he says.

Publicis Group SA moved entirely off of an MVS mainframe and onto an open system. The advertising agency deployed high-density Hewlett-Packard Co. blade servers and VMware Inc. partitions to increase utilization levels. It migrated the primary application — a financial reporting system that included client billing, ERP and reporting that amounted to 80% of the mainframe workload — to PeopleSoft. Other applications were either ported or retooled entirely, says CIO Christian Anschuetz. “It was a Herculean effort, to be sure,” he says of the four-year project.

His main motivation was cost. The mainframe was “extraordinarily expensive” and not agile enough for the organization’s needs, Anschuetz says, and “the licensing costs associated with the development tools were just astronomical.” Publicis has reduced its operating costs by 10% a year.

Even after considering the management costs of a distributed system and the cost of the Intel servers needed to replace the mainframe, the total cost of ownership was still “dramatically lower,” Anschuetz says.

He says he did have concerns about moving off the mainframe. “I remember someone telling me we shouldn’t get rid of the mainframe, it’s five 9s, and you’re going to be running this Windows junk,” Anschuetz says. “The reality is that [our distributed systems] are up all of the time, and our actual [mean time between failures] is tremendous.”

When it comes to dealing with legacy applications, there are no across-the-board answers, says Robert Rosen, president of Share, a Chicago-based IBM mainframe user group. “Where you get into trouble is when you try to force-fit a solution,” he says. “Taking the best of both worlds, that’s the key.”


Buzz Aldrin took a slide rule to the moon.


GROVES  OF  ACADEME 


A  STROLL  THROUGH  THE  TECHNOLOGY  LANDSCAPE 


Slipsticks  to  the  Moon 


IN  THE  EARLY  1600s,  John  Napie 
Scottish  mathematician  who  had  pre 
developed Napier’s Bones, which wi


New Chip Gives Sharper Pix on Less Power

IMAGING CHIPS revolutionized the photography industry, and now the chips themselves are being revolutionized by researchers at the University of Rochester. A pair of recently patented technologies may soon enable power-hungry imaging chips to use just a fraction of the energy they use today and capture better images to boot - all while enabling cameras to shrink to the size of a shirt button and run for years on a single battery.

The University of Rochester team of Mark Bocko, professor of electrical and computer engineering, and Zeljko Ignjatovic, assistant professor of electrical and computer engineering, has designed a prototype chip that can digitize an image at the level of individual pixels. The researchers are now working to incorporate a second technology that will compress the image with far fewer computations than the best current compression techniques.

“These two technologies may work together or separately to greatly reduce the energy cost of capturing a digital image,” says Bocko. “One is evolutionary in that it pushes current technology further. The second may prove to be revolutionary, because it’s an entirely new way of thinking about capturing an image in the first place.”

The first technology being developed integrates an oversampling “sigma-delta” analog-to-digital converter at each pixel location in a CMOS sensor. Previous attempts to do this on-pixel conversion have required far too many transistors, leaving too little area to collect light. The new designs use as few as three transistors per pixel, reserving nearly half of the pixel area for light collection. Initial tests on the chip show that at video rates of 30 frames per second, it uses just 0.88 nanowatts per pixel - 50 times less than the industry’s previous best. It also trounces conventional chips in dynamic range, which is the difference between the dimmest and brightest light that can be recorded. Existing sensors can record light 1,000 times brighter than their dimmest detectable light, a dynamic range of 1:1,000, while the Rochester technology already demonstrates a dynamic range of 1:100,000.

The second technology has taken many researchers by surprise. Using a method called focal-plane image compression, Bocko and Ignjatovic have figured out a way to arrange photodiodes on an imaging chip so that compressing an image demands as little as 1% of the computing power usually needed.


DIFFERENCE ENGINES

IBM Puts Its Spin On Magnetism

IBM SCIENTISTS have developed a powerful new technique for exploring and controlling magnetism at its fundamental atomic level. The new method promises to be an important tool not only in the quest to understand the operation of future computer-circuit and data-storage elements as they shrink toward atomic dimensions, but also in the quest to lay the foundation for new materials and computing devices that leverage atom-scale magnetic phenomena.

“We have developed a window into the atomic heart of magnetism,” says Andreas Heinrich, research staff member at IBM’s Almaden Research Center in San Jose. “We can now position atoms and then measure and control their magnetic interactions within precisely designed structures.”

The new method, called spin-excitation spectroscopy, uses IBM’s low-temperature scanning tunneling microscope designed for use with a broad range of magnetic fields up to 140,000 times stronger than the Earth’s. The researchers first move atoms into position and then measure the interactions between their atomic spins, which are the fundamental sources of magnetism.

IBM researchers expect to use this new technique in the future to do the following:

■ Explore the limits of magnetic data storage.

■ Determine the feasibility of spin-based wires and a spin version of the molecular-motion cascade.

■ Investigate how engineered spin interactions could be applied to quantum information systems.

The new research builds upon the IBM team’s development in late 2004 of spin-flip spectroscopy - a method for measuring magnetic properties of single atoms, and a breakthrough step toward quantum computing.

An 8- by 28-nanometer area of the terraced copper and copper-nitride surface where IBM’s magnetism experiments were performed. The scientists tested manganese atom structures on both the conducting and insulating surfaces. The visible humps on the surfaces are the manganese structures, one to 10 atoms long.
These Rules Will Keep Users in Their Place

The rule of least privilege and separation of duties will keep users out of network places they don’t belong. By Mathias Thurman

AS INFORMATION security professionals, we tend to throw around certain terms when we talk about how information security should be implemented. Lately, when I’ve gone to meetings or written an e-mail that gives me a chance to evangelize about our security needs, my terms of preference have been “rule of least privilege” and “separation of duties.”

The rule of least privilege arises in regard to our client virtual private network. This IPsec VPN, which is operated using Nortel Networks Ltd.’s VPN Gateway, allows our employees to work remotely as if they were on our internal network, with access to most applications, services and internal infrastructure.

In contrast, Secure Sockets Layer VPNs allow the remote use of only those protocols and applications that are supported by the vendor of the SSL VPN. For example, most SSL VPNs won’t support the remote use of our implementation of BMC Software Inc.’s Remedy, which we use as our IT service management application. But our client-based IPsec VPN seamlessly allows users to launch Remedy while on the road and connected to our wireless infrastructure.

The limitations of an SSL VPN can actually be desirable. Many of our company’s contractors, vendors, suppliers and partners are given access to our portal environment through an SSL VPN, which naturally limits what they can access. But some of them require client VPN access because they need to use applications that aren’t available via the SSL VPN.

At the heart of a client VPN are profiles. Currently, we are using a single profile for every user with access to the VPN, and it provides full access to the network. The idea was to provide an officelike environment for remote users, but naturally, we don’t want to give full infrastructure access to nonemployees such as partners, suppliers and contractors.

In fact, often there is no good reason to give full-time employees full access to the network. For example, someone in marketing shouldn’t be able to access the administrative interface of a production Oracle database containing financial information.

Of course, that marketing employee wouldn’t have the proper credentials to actually access the financial database, but it’s still risky to give users the potential to access things they shouldn’t be allowed to see. This is where the rule of least privilege comes in. With it, you give a person only enough access so that he can do his job — nothing more, and nothing less.

What lies behind the rule of least privilege is a concept called dynamic groups. When placed within a dynamic group, a user’s role in the company dictates which areas of the network he can and can’t access. For example, when a systems administrator authenticates to the VPN, his profile should allow him to access critical servers. Someone from my information security team should be allowed to access certain security-related applications.

For dynamic groups to work, the VPN concentrator has to be able to dynamically create profiles that ideally would be based on attributes within our Active Directory setup. An employee whose Active Directory attribute set identifies him as part of the Unix group should be granted access appropriate to someone working on Unix servers. And someone from shipping and receiving should be granted very limited access to a few applications. The concept is all well and good, but before we can leverage dynamic groups, the network has to be prepared.
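One way to express the dynamic-group idea above, as an added example that is not from the column or from any VPN vendor: a profile is derived from directory group membership with default deny, and nonemployees are capped whatever groups they land in. Segment names, address ranges, group names and users are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed network segments; names and ranges are assumptions for this example.
SEGMENTS = {
    "portal": ip_network("10.10.0.0/24"),
    "unix-servers": ip_network("10.20.0.0/24"),
    "security-tools": ip_network("10.30.0.0/24"),
    "shipping-apps": ip_network("10.40.0.0/28"),
    "finance-db-admin": ip_network("10.50.0.0/28"),
}

# Directory group -> segments that role needs.
# A group that is not listed here grants nothing (default deny).
GROUP_GRANTS = {
    "unix": {"unix-servers"},
    "infosec": {"security-tools"},
    "shipping": {"shipping-apps"},
    "dba-finance": {"finance-db-admin"},
    "partners": {"portal"},
}

# The most a nonemployee may ever hold, even if a group is assigned by mistake.
NONEMPLOYEE_CEILING = {"portal", "shipping-apps"}


@dataclass(frozen=True)
class DirectoryUser:
    name: str
    employee: bool
    groups: frozenset


def build_profile(user):
    """Return the segments this user's VPN profile should open."""
    allowed = set()
    for group in user.groups:
        allowed |= GROUP_GRANTS.get(group, set())
    if not user.employee:
        allowed &= NONEMPLOYEE_CEILING
    return frozenset(allowed)


def may_connect(user, dest_ip):
    """True only if dest_ip sits in a segment granted by the user's profile."""
    addr = ip_address(dest_ip)
    return any(addr in SEGMENTS[name] for name in build_profile(user))


def excess_under_single_profile(user):
    """Segments a one-profile-for-everyone VPN exposes beyond the user's role."""
    return frozenset(SEGMENTS) - build_profile(user)


# Constructed sample users.
MARKETING = DirectoryUser("m.lee", True, frozenset({"marketing"}))
UNIX_ADMIN = DirectoryUser("j.ortiz", True, frozenset({"unix"}))
CONTRACTOR = DirectoryUser("ext.kim", False, frozenset({"partners", "unix"}))

if __name__ == "__main__":
    for u in (MARKETING, UNIX_ADMIN, CONTRACTOR):
        print(u.name, sorted(build_profile(u)),
              "excess if flat:", sorted(excess_under_single_profile(u)))
```
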

The  Ideal  and  the  Real 

And that brings us to separation of duties. To use job functions as a means for controlling access to our network, the network has to be segmented properly. Unfortunately, this was never done before I came on board as the security manager, and making a change to the environment to segment the network according to criticality is no trivial task. Virtual LANs and networks have to be resized and configured. Routing changes need to be put in place. Firewall rules, servers and applications have to be modified. And the list goes on.

Ideally, we would segment the network so that a single segment would contain all employee desktops, except for those of certain users, such as systems administrators and network engineers, who would be situated on an isolated network with a trust relationship to the production data center. Within the server farm, there would be separate networks and virtual LANs for Web, application and database servers. This arrangement would let us control the relationships between these servers and help prevent malicious activity.

For example, in a three-tiered application such as SAP, there is no reason for a Web server to have any relationship with a database server. The relationship should be between the Web server and the application server. These are the types of separations of duties that I am trying to achieve.

There will have to be compensating controls for certain situations that are likely to arise. For example, placing systems administrators on an isolated administrative network might prove to require too much effort. That could result from our use of the DHCP (Dynamic Host Configuration Protocol) or simply because of the way our network is architected. A compensating control in this case might be to place a bastion host — a gateway between the critical network and the general corporate network — on a separate network and have that bastion host be the only server that can access the production environment. The purpose of a bastion host is to defend against attacks aimed at our critical network. We would then force all administrators to authenticate to the bastion host before accessing any of our production servers.
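The segmentation and bastion-host rules described above can be checked mechanically against a firewall rule set. The following is an added example, not the author's tooling: zone ranges, ports and the sample rules are constructed, and the audit ignores rule ordering, so it reports every permit that is broader than the intended flows.

```python
from ipaddress import ip_network
from itertools import product

# Constructed zones matching the layout the column describes.
ZONES = {
    "desktops": ip_network("10.1.0.0/16"),
    "bastion": ip_network("10.2.0.0/28"),
    "web": ip_network("10.8.1.0/24"),
    "app": ip_network("10.8.2.0/24"),
    "db": ip_network("10.8.3.0/24"),
}

# Intended flows: (source zone, destination zone) -> permitted TCP ports.
# Web talks to app, app talks to db, and only the bastion administers production.
ALLOWED = {
    ("desktops", "web"): {443},
    ("desktops", "bastion"): {22},
    ("web", "app"): {8443},
    ("app", "db"): {1521},
    ("bastion", "web"): {22},
    ("bastion", "app"): {22},
    ("bastion", "db"): {22},
}

# Constructed firewall rules: (source CIDR, destination CIDR, port, action).
RULES = [
    ("10.1.0.0/16", "10.8.1.0/24", 443, "permit"),
    ("10.8.1.0/24", "10.8.2.0/24", 8443, "permit"),
    ("10.8.2.0/24", "10.8.3.0/24", 1521, "permit"),
    ("10.8.1.0/24", "10.8.3.0/24", 1521, "permit"),  # web straight to database
    ("10.2.0.0/28", "10.8.0.0/16", 22, "permit"),    # bastion to production
    ("10.1.0.0/16", "10.8.0.0/16", 22, "permit"),    # desktops bypass the bastion
    ("10.0.0.0/8", "10.8.3.0/24", 1521, "deny"),
]


def zones_touched(cidr):
    """Names of every zone that a rule's address range overlaps."""
    net = ip_network(cidr)
    return [name for name, zone in ZONES.items() if net.overlaps(zone)]


def audit(rules):
    """Return (rule index, src zone, dst zone, port) for each permit that
    opens a zone-to-zone flow missing from ALLOWED."""
    findings = []
    for idx, (src, dst, port, action) in enumerate(rules):
        if action != "permit":
            continue
        for s, d in product(zones_touched(src), zones_touched(dst)):
            if s == d:
                continue  # traffic inside one zone is out of scope here
            if port not in ALLOWED.get((s, d), set()):
                findings.append((idx, s, d, port))
    return findings


if __name__ == "__main__":
    for idx, s, d, port in audit(RULES):
        print(f"rule {idx}: {s} -> {d} tcp/{port} is outside the intended flows")
```
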

I don’t imagine I’ll win many friends with my recommendations, but I will be able to sleep better knowing that our infrastructure is a bit more secure than it was before.


WHAT DO YOU THINK?

This week’s journal is written by a real security manager, “Mathias Thurman,” whose name and employer have been disguised for obvious reasons. Contact him at mathias.thurman@yahoo.com, or join the discussions in our security blogs: computerworld.com/blogs/security

To find a complete archive of our Security Manager’s Journals, go online to computerworld.com/secjournal
Security Bookshelf

Selecting MPLS VPN Services, by Chris Lewis and Steve Pickavance (Cisco Press, 2006).

Any decent information security professional needs a working knowledge of the most up-to-date networking technologies, such as Multiprotocol Label Switching. The authors are thorough and fairly technical, covering everything from general networking protocols to Dynamic Multipoint VPNs. As a security guy, I especially liked Chapter 7, which discusses security issues within the MPLS VPN environment. This is a must-have title for security professionals and network engineers alike.

- MATHIAS THURMAN


U.S. District Judge David Doty in Minnesota ruled last month that Wells Fargo Bank was not negligent in a case of data theft. Two customers had filed a class-action lawsuit against the bank after computers containing customer information, including names and Social Security numbers, were stolen in 2004. Doty ruled that Wells Fargo was not negligent because the


McAfee  Inc.’s  AVERT  I 
group,  the  number  < 
attacks  detected  inf 
quarter  of  2006  was  up 
700%  from  a  year  earlier. 
AVERT  also  found  that  the 
use  of  stealth  technologies 
has  increased  more  than 
600%  in  just  three  years. 
Virtual Machines

DEFINITION

A virtual machine is a self-contained operating environment, created by a software layer, that behaves as if it were a separate computer. Benefits of creating virtual machines include better exploitation of powerful computing resources and isolation of applications to prevent cross-corruption and improve security.

BY JAN MATLIS

At the simplest level, computing environments are thought to consist of hardware, an operating system that runs on the hardware and applications that run on the OS — though in embedded systems, the operating system is sometimes eliminated and applications run directly on the hardware. The OS is aware of all the capacity and capability of the underlying hardware and controls it directly.

If another layer of software were placed between the OS and the CPU, then the OS would know only what that extra layer of software told it. Its understanding of the capacity and capability of the underlying hardware would depend on the intervening software layer, and it would be able to control the underlying hardware only in ways the intervening layer of software allowed it to.

The intervening layer of software could tell the OS everything there was to know about the hardware and simply pass through control directives without translation. But it also might not reveal everything about the underlying hardware and might add some control of its own as it passes on the control directives to the OS.

In either case, the configuration would not be the standard tripartite configuration. It would be one of the many possible configurations that is called a virtual machine.

Of course, there are servers, networks and Web interfaces, as well as other devices and interfaces, that add nuance and complexity to computing environments. But using a software layer to package a set of computing resources and behaviors and to present it as an available computing environment is at the core of what it means to create a virtual machine.

A virtual machine is a computing environment whose set of resources and behaviors is built (through software) on top of some other computing environment.

Hypervisor  VMs 

Virtual machines are at the core of server technologies like VMware Inc.’s ESX Server and the open-source Xen virtual machine monitor. Both of these products offer servers that run multiple x86-based OSs simultaneously. Their approaches are slightly different variations of what are called hardware-level, bare-metal or hypervisor virtual machines. The intermediary software layer (called the virtual machine monitor or hypervisor) is between the OS and the hardware. The hypervisor gives all the OSs that are running the illusion that they are the only OS running on the hardware.

Running multiple OSs on one server platform offers several advantages. It makes it possible to more fully use the resources of very powerful servers, provide backward compatibility for legacy programs and partition applications to different OSs so they can’t corrupt one another.

VMware uses transparent virtualization, which means that the OSs that run on the hypervisor do not need to be modified. Xen uses paravirtualization, which means that it needs to modify the OSs to make them run simultaneously on the hardware. Xen claims that paravirtualization increases speed and efficiency.

Hosted  VMs 

Microsoft Corp.’s Virtual PC and VMware’s GSX Server and Workstation are called hosted virtual machines. In these products, the VM is like any other application running on an OS. The VM application is divided into an intermediary software layer, an OS and an application running on that OS.

This scheme is less efficient and less powerful than that used for hypervisor servers, but it provides the same kind of advantages, allowing a user to run legacy programs and to partition applications from the rest of the system. A user who wants to visit dangerous Web sites, for example, could add a layer of protection by doing his surfing via a virtual machine.

Application-Level  VMs 

Application-level VMs, such as the Java virtual machine, are similar to the hosted model in that they run as applications. These VMs, however, combine the intermediary software layer with the OS. The Java VM runs like an application on the native OS, and the Java application runs on the VM.

One of the advantages claimed for this programming paradigm is that a Java program will run on any Java VM without recompilation. That is left to the provider of the Java VM, which must make it run on a variety of native OSs.

Parallel  Virtual  Machine 

The parallel VM is a slightly different approach to creating a virtual machine. In this case, the intermediary software layer exists as a daemon, or a server program, along with a set of library calls, which must be compiled into the application that is going to be run on the parallel VM. The library calls, which interact with the server programs, make a network of computers appear to be a single computer with parallel processors.

As the saying goes, you can make software do anything. Although efficiency and speed may be an issue, as long as there is an intermediary software layer, virtualization can be made a reality.


Matlis  is  a  freelance  writer  in 
VIRTUAL CONFIGURATIONS

Standard configuration, no virtual machines: The applications run directly on the OS, which runs directly on the hardware.

Hardware-level or hypervisor virtual machines (diagram layers: hypervisor software, hardware): With the hypervisor layer between the hardware and OSs, each OS believes it is running in the standard configuration, when in fact it is sharing the resources of the underlying hardware.

Hosted virtual machines: The virtual machine runs as an application on the host OS. There is an intermediary layer of software between the host OS and the guest OS.

Application-level virtual machines (diagram layers: Java app, Java virtual machine, OS, hardware): A Java virtual machine runs as an application on the OS. The Java application runs on the Java virtual machine.
Iona, AmberPoint Team on SOA Tools

■ Iona Technologies Inc. and AmberPoint Inc. have announced a new partnership to integrate their tools to give users more visibility into messages and business processes flowing through a service-oriented architecture. The partnership calls for the integration of Iona’s Artix enterprise service bus with AmberPoint’s SOA Management System. The deal marks the first time AmberPoint has integrated its SOA management software with an ESB.


Sarbanes-Oxley Tool Updated

■ Stellent Inc. has unveiled Version 7.6 of its Stellent Sarbanes-Oxley Solution compliance software. It features enhanced master component and process libraries for improved centralized management, as well as internationalization capabilities for users who speak Dutch, French, German, Japanese, Korean, Portuguese or Spanish. Also new in Version 7.6 are selective-control testing capabilities that let auditors select control sets that span multiple processes, according to Stellent. The product is available now starting at $100,000.


Acronis Upgrades Backup Imaging App

■ Acronis Inc. has rolled out the latest version of Acronis True Image. The backup imaging application now allows operating systems and other applications to be restored to system hardware that’s different from the original hardware. This capability, as well as the ability to boot a remote computer to restore a system partition, is being added to Acronis True Image Enterprise Server, Acronis True Image Server for Windows and Acronis True Image Workstation. Pricing starts at $999 for Acronis True Image Enterprise Server 9.1, $699 for Acronis True Image Server for Windows and $79.99 for Acronis True Image Workstation.


DOUGLAS  SCHWEITZER 


Factory Settings — Insecure by Default

So, you just set up a shiny new wireless router at home or at your office. As convenient as it is to have no strings, or at least wires, attached, that new router may have punched a hole in your security schema and set you up for unwanted trouble. The reason you could now be vulnerable is simple: default settings. Remember, manufacturers often turn off security and certain other features by default so that their products will be easier to set up and integrate into a wide variety of networks.

Unfortunately, this default dilemma isn’t limited to wireless routers. Just about every new laptop these days is powered by the Windows XP operating system and incorporates built-in wireless capability. To make these laptops easy to integrate into wireless networks, XP may be set so that when a user boots up the operating system, Windows will look for any available wireless connection.

Many so-called hot spots know this and make it as easy as possible for you to use that laptop or handheld wireless device to access the Internet. Toward that end, they may have turned off the WEP (Wired Equivalent Privacy) security feature by default. In fact, many public wireless access points, like those in hotels and airports, don’t enable WEP, although that may soon change as people become more aware of the dangers of this default.

When I recently installed my Verizon-provided Westell wireless DSL router/gateway, it was factory-set at 64-bit WEP by default. Sounds nice, but that’s just too weak for me, so I quickly switched that to 256, the maximum supported.

The problem is that WEP itself is flawed and weak, and, with the right tools and knowledge, it’s fairly easy to circumvent, no matter what bit of encryption is used. The truth is, using WEP is better than not using anything at all for keeping the general public from spying on your data, but it’s far from an ideal defense.

This is why I strongly recommend that home or small-business users consider using WPA (Wi-Fi Protected Access) in all their home computers and network devices. WPA and its more recent iteration, WPA2, are more secure than WEP. There is one caveat to using it, however: All your wireless devices must be WPA-capable in order to play together.

Another default setting that can help to undermine your best security intentions is the automatic broadcast of a service set identifier. Simply put, an SSID is the name of a wireless LAN and can be thought of as a label that distinguishes one WLAN from another.

Wireless access points are often preconfigured with a default name for the SSID, and that is usually vendor-specific — such as “linksys,” “netgear” or perhaps a generic name like “default.” An SSID may contain up to 32 case-sensitive alphanumeric characters. Because the SSID is configured within your access point, I recommend changing it to one of your own design.

Another point of concern is the SSID broadcast. Most wireless routers or access points by default will automatically transmit their network name — the SSID — into open air at regular intervals so they can be found and connected to. By disabling the SSID broadcast, your wireless access point becomes invisible to all except wireless clients that already know the SSID.

The truth is that the security gained here is marginal at best, since anyone with the right packet-sniffing tools can still detect the SSID by sniffing different messages in the Wi-Fi protocol. Despite this shortcoming, I still like to disable the SSID broadcast, because it does make it less likely that casual intruders will discover and attempt to enter your wireless network.

Another feature that is usually turned off by default is MAC (media access control) address filtering. A MAC address is a hexadecimal hardware address that identifies each node of a network. Each wireless client will have one, and they can’t be changed because they are “burned” into the hardware. You can, however, control any client access to your wireless network by turning on “MAC filtering” in your access point or wireless router.

With this done, you can specify a list of approved or allowed MAC addresses. When MAC filtering is being used, only those wireless clients with their MAC addresses listed will be permitted to access the network.

While straight-from-the-box wireless computing is an appealing thought, it should be just that — a thought. Considering the potential for abuse, it’s better for users to invest a little time and effort to configure some settings and engage some security measures.
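The default settings walked through in this column can be turned into a repeatable check. The sketch below is an added example, not the author's or any vendor's tool: the configuration keys, severity labels and sample configurations are constructed assumptions, and the low rating for SSID broadcast and MAC filtering is this example's choice, following the column's remark that the gain from hiding the SSID is marginal.

```python
import re

# Default network names quoted in the column.
DEFAULT_SSIDS = {"linksys", "netgear", "default"}
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
RANK = {"high": 0, "medium": 1, "low": 2}


def audit_access_point(cfg):
    """Return (severity, code, detail) findings for one access point config.
    Keys that are absent are treated as the insecure factory default."""
    findings = []

    enc = str(cfg.get("encryption", "none")).lower()
    if enc == "none":
        findings.append(("high", "no-encryption", "traffic is sent in the clear"))
    elif enc == "wep":
        # WEP is flagged at every key size, as the column argues.
        bits = cfg.get("wep_key_bits", "unknown")
        findings.append(("high", "wep", f"WEP in use ({bits}-bit); move to WPA or WPA2"))
    elif enc not in ("wpa", "wpa2"):
        findings.append(("high", "unknown-encryption", f"unrecognized mode {enc!r}"))

    ssid = cfg.get("ssid", "")
    if not ssid or len(ssid) > 32:
        findings.append(("medium", "invalid-ssid", "SSID must be 1 to 32 characters"))
    elif ssid.lower() in DEFAULT_SSIDS:
        findings.append(("medium", "default-ssid", f"vendor default name {ssid!r}"))

    if cfg.get("ssid_broadcast", True):
        findings.append(("low", "ssid-broadcast", "network name is advertised"))

    if not cfg.get("mac_filtering", False):
        findings.append(("low", "mac-filter-off", "any client address is accepted"))
    else:
        macs = cfg.get("allowed_macs", [])
        if not macs:
            findings.append(("medium", "mac-filter-empty", "filter on, list empty"))
        bad = [m for m in macs if not MAC_RE.match(m)]
        if bad:
            findings.append(("medium", "mac-filter-bad-entry", ", ".join(bad)))

    return sorted(findings, key=lambda f: RANK[f[0]])


def codes(cfg):
    """Finding codes only, in severity order."""
    return [code for _, code, _ in audit_access_point(cfg)]


# Constructed sample configurations.
FACTORY = {"ssid": "linksys", "ssid_broadcast": True,
           "encryption": "wep", "wep_key_bits": 64, "mac_filtering": False}
LONGER_WEP_KEY = dict(FACTORY, wep_key_bits=256)
HARDENED = {"ssid": "harbor-office-7", "ssid_broadcast": False,
            "encryption": "wpa2", "mac_filtering": True,
            "allowed_macs": ["00:1A:2B:3C:4D:5E"]}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit_access_point(cfg))
```
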
Legal Notice


If  You  Purchased  DLT IV™  Tapes  for  Your  Data  Back-Up 

Please  Read  This  Legal  Notice 

You  May  be  Entitled  to  Benefits  From  a  Proposed  Class  Action  Settlement 


A  settlement  has  been  proposed  in  a  class  action  lawsuit  that  can  affect 
your  rights.  The  settlement  will  provide  free  DLT  IV  tapes  for  class 
members  who  submit  Claim  Forms.  A  DLT  IV  tape  is  a  type  of  magnetic 
tape  storage  in  a  cartridge  form  that  is  inserted  into  a  tape  drive  in  order 
to  back-up  or  archive  data  for  businesses  and  other  computer  users. 
This  Notice  is  a  summary  of  your  legal  rights  and  choices  before  the 
Court  decides  whether  to  approve  the  settlement.  For  more  complete 
information,  you  should  read  the  full  Notice  of  Proposed  Class  Action 
Settlement,  which  you  can  obtain  by  calling  the  toll-free  number  below 
or  visiting  the  website,  www.tapedrivesettlement.com. 

What  Is  the  Lawsuit  About? 

The lawsuit claims that the Defendants Quantum Corp., Hitachi Maxell,
Ltd., Maxell Corporation of America (collectively “Maxell”), Fuji Photo
Film  Co.,  Ltd.  and  Fuji  Photo  Film  U.S.A.,  Inc.  (collectively  “Fuji”) 
(all  are  collectively  referred  to  as  “Defendants”)  agreed  to  keep  Imation 
Corporation  from  entering  the  market  for  DLT  IV  tapes,  causing  the 
prices  for  those  tapes  to  be  higher  than  they  should  have  been.  The 
lawsuit  was  brought  on  behalf  of  a  certain  group  of  purchasers  of  DLT 
IV  tapes  (the  “Class  Members”),  and  asks  that  Class  Members  be 
compensated  for  their  purchases.  Defendants  deny  the  claims  made  in 
the  lawsuit,  deny  that  anyone  has  been  harmed  in  relation  to  the  claims, 
and  have  asserted  a  number  of  defenses. 

Am  I  a  Class  Member? 

You  are  a  Class  Member  if: 

•  You  purchased  DLT  IV  tapes  (excluding  Imation-certified  Blackwatch 
Digital  Linear  Tape  IV  brand)  at  any  time  from  August  5,  1999  to 
May 30, 2002; and

•  Your  purchase  was  made  from  within  California;  and 

•  You  were  either  a  California  resident  or  business  located  in  California 
at  the  time  of  the  purchase;  and 

•  You  did  not  purchase  the  DLT  IV  tape  to  resell  to  others. 

You  are  NOT  a  Class  Member  if  you  are  a  retailer,  distributor  or 
wholesaler  who  purchased  the  DLT  IV  tapes  directly  from 
Quantum,  Maxell  or  Fuji,  or  from  anyone  else  for  resale. 

What  Are  the  Settlement  Benefits? 

Class  Members  who  submit  a  Claim  Form  will  receive  free  DLT  IV 
tapes. The number of free tapes you’ll receive will depend on the number


that  you  purchased  between  August  5,  1999  and  May  30,  2002,  and 
may  be  impacted  by  the  total  number  of  tapes  claimed  by  other  Class 
Members.  The  DLT  IV  tapes  will  be  distributed  to  Class  Members 
who  submit  complete  and  valid  Claim  Forms.  The  distribution  process 
of  the  free  tapes  is  explained  in  detail  in  the  full  Notice  of  Proposed 
Class  Action  Settlement. 

How  Do  I  File  a  Claim? 

The  full  Notice  and  Claim  Form  package  has  everything  you  need  to 
file  a  claim.  Just  call  or  visit  the  website  below  to  get  one.  To  qualify 
for  free  tapes,  you  must  complete  and  send  in  the  Claim  Form  by 
July  31, 2006. 

What  Are  My  Other  Options? 

If  you  want  to  stay  in  the  Class,  you  should  complete  and  send  in  a 
Claim  Form.  If  you  stay  in  the  Class  and  the  Court  approves  the 
settlement,  you  won’t  be  able  to  sue  the  Defendants  on  your  own 
about  the  claims  in  the  lawsuit.  Your  other  legal  rights  and  options 
are: 

• Exclude yourself from the settlement. If you don’t want any settlement
benefits  and  want  to  keep  the  right  to  bring  your  own  lawsuit  against 
the  Defendants  about  the  claims  in  this  lawsuit,  you  can  ask  to  be 
excluded  from  the  Class.  Your  exclusion  request  must  be  in  writing 
and  mailed  postmarked  no  later  than  May  30,  2006  as  detailed  in 
the  full  Notice. 

•  Object  to  the  settlement.  If  you  don’t  exclude  yourself,  you  can  tell 
the  Court  you  don’t  like  the  settlement  or  some  part  of  the  settlement. 
You  must  send  your  objection  by  May  30,  2006  for  the  Court  to 
consider  it  as  detailed  in  the  full  Notice. 

•  Appear  at  the  Court’s  hearing.  The  Court  will  hold  a  hearing  on 
June  20,  2006  to  consider  whether  to  approve  the  settlement.  The 
court  will  also  consider  the  application  for  attorneys’  fees  and  costs. 
If  you  (or  your  own  lawyer)  want  to  appear  and  speak  at  this  hearing, 
you  must  file  a  Notice  of  Appearance  by  May  30, 2006  as  detailed  in 
the  full  Notice. 

For  more  details  about  how  to  file  a  Claim  Form,  exclude  yourself, 
object,  or  file  a  Notice  of  Appearance,  please  read  the  full  Notice  of 
Proposed  Class  Action  Settlement.  Please  remember  that  if  you  exclude 
yourself,  you  can’t  file  a  Claim  Form.  You  can  still  file  a  Claim  Form  if 
you  object  or  appear  at  the  hearing. 


For  more  information  and  a  copy  of  the  full  Notice  of  Proposed  Class  Action  Settlement  and  Claim  Form, 

Call  1-866-216-0278,  or  visit  www.TapeDriveSettlement.com 


04.24.06 


OPINION 

Global  IT:  Are  You  Up  to  the  Challenge? 

Like her CIO clients, Barbara Gomolski is excited about the opportunities of a global economy, but she’s also concerned that executives could woefully underestimate what it takes to build a truly global IT presence. PAGE 50


Q&A 

Managers’  Forum 

When management demands project perfection on an unreasonable deadline, you’ve got a lot of educating to do, says Paul Glen. He also discusses the differences between executive MBAs and garden-variety MBAs. PAGE 44


Career  Watch 

IT  staffing  expert  Katherine  Spencer  Lee 
sees  a  war  for  IT  talent  on  the  horizon. 
Plus,  a  Michigan  organization  wants  to 
help  high  school  girls  “get”  IT,  and  the 
feds  release  a  report  on  high-tech  job 
prospects  through  2014.  PAGE  46 
Technology

Career changers provide needed pools of potential IT talent. By Mary K. Pratt

The resume of your next CIO might look something like that of physician Mitch Morris, newspaperman Dan Gingras or accountant H. James Dallas. Your next application developer could be a nurse manager; your next help desk staffer, a mill worker. Your next IT manager could come from marketing.

Many are making those kinds of career changes, and as a confluence of factors transforms the U.S. workforce, IT managers need to be on the lookout for potential talent, regardless of its place of origin. “Changing demographics are going to force them to do that,” says Gretchen Coch, director of the skills development program at the Computing Technology Industry Association.

The upcoming retirements and semi-retirements of baby boomers will take millions of workers out of full-time employment. Meanwhile, there aren’t enough young people coming up through the ranks to fill the expected vacancies. And, particularly problematic for IT leaders, the number of college students in technology and computer-related programs has dropped. “You put all this together, and it’s quite a big issue,” says Claire Schooley, an analyst at Cambridge, Mass.-based Forrester Research Inc.

But the good news is that more people are willing to make major career changes than in the past.

Schooley says that human resources managers have been watching these trends for a while and developing strategies to cope with them. IT managers need to do the same. They have to broaden their recruitment and retention efforts to ensure that they’re capturing those career changers and aging boomers who, with their business experience and IT acumen, can really drive a business forward.
“That’s a pool of talent not to be ignored,” says Leon J. Leach. As executive vice president of the University of Texas M.D. Anderson Cancer Center in Houston, Leach oversaw Morris’ performance there as CIO.

Unusual  Resume 

Morris’  work  experience  is  quite  differ¬ 
ent  from  that  of  most  CIOs.  He  started 
as  a  surgical  oncologist  at  M.D.  Ander¬ 
son  in  1985,  four  years  after  graduating 
from  medical  school.  He  became  inter¬ 
ested  in  how  technology  could  improve 
the  delivery  of  health  care  and  volun¬ 
teered  to  serve  on  technology-related 
committees. 

His  avocation  became  his  job  when 
he  took  the  hospital’s  top  tech  position 
in  1997.  He  worked  as  CIO  there  until 
2001,  when  he  left  to  join  First  Consult¬ 
ing  Group  in  Long  Beach,  Calif. 

Leach  acknowledges  that  Morris 
wasn’t  a  techie  but  says  he  “displayed 
an  aptitude  and  interest”  in  IT.  How¬ 
ever,  being  an  IT  natural  doesn’t  make 
up  for  years  of  experience  coming  up 
through  the  ranks,  “so  Mitch  had  to 
make  sure  he  had  good  people  work¬ 
ing  for  him,”  Leach  says.  For  example, 
Morris  created  a  deputy  CIO  position 
and  hired  a  strong  tech  person  to  fill  it. 

Morris  himself  concedes 
that  his  technical  expertise 
wasn’t  the  same  as  that  of 
someone  who  had  spent  a 
career  in  the  trenches.  But  he 
says  that  didn’t  hinder  him. 

“To  be  a  successful  CIO,  you 
have  to  appreciate  how  the 
technology  works,  you  have  to 
know  how  to  manage  people, 
but  you  don’t  have  to  go  into 
a  data  center  and  play  with 
cables,”  he  says. 

Morris  says  he  had  some¬ 
thing  more  valuable:  an 
understanding  of  how  the 
hospital  worked  and  what 
end  users  needed.  “If  you 
understand  the  business  and 
are  able  to  drive  the  business, 
that’s  as  important  as  making 
sure  the  trains  run  on  time 
within  IT,”  he  says. 

Not everyone agreed with that point, at least initially. “There’s always skepticism. There are challenges that you can encounter where people paint you into a position because of your background,” Morris says. “You have to prove yourself with results.”

Initially, for example, vendors would explain their products “like I had a learning disability,” Morris says. His approach with them was direct: “I’d just say, ‘Let’s cut to the chase.’ And once I got to know people, [my background] was not an issue.”

The  Middleman 

Dallas  encountered  similar  skepticism 
when  he  moved  from  accounting  into 
the  IT  department  at  Atlanta-based 
Georgia-Pacific  Corp.  He  started  there 
as  a  cost  accountant  shortly  after 
graduating  in  1983  with  a  bachelor’s 
degree  in  accounting.  As  the  company 
advanced  its  computer  systems,  Dallas 
says  he  saw  an  opportunity  to  be  “the 
man  in  the  middle”  —  the  one  who  un¬ 
derstands  the  business  requirements  as 
well  as  the  technology. 

He  took  evening  programming 
courses  at  Georgia  State  University  and 
joined  the  IT  department  as  a  program¬ 
mer  trainee  in  late  1984  —  a  time,  he 
says,  when  everyone  else  in  the  depart¬ 
ment  held  tech-related  diplomas.  “They 
were  skeptical  of  my  abilities  in  the  be¬ 
ginning,”  Dallas  recalls.  But  he  proved 
himself  to  his  colleagues  and  spent  the 
next  20  years  working  up  the  ranks  at 
Georgia-Pacific,  moving  between  man¬ 
agement  jobs  in  IT  and  the  business 
divisions.  He  became  CIO  in  2002  and 
retired  late  last  year. 

Changing  Times 

CIOs  must  increasingly  con¬ 
sider  recruiting  people  like 
Dallas  and  Morris  to  fill 
their  IT  positions,  says  Bill 
Gilbert,  managing  director 
at  Futurestep,  a  Korn/Ferry 
International  company  in  Los 
Angeles  that  provides  out¬ 
sourced  recruiting  services. 

They’ll  also  have  to  be 
more  flexible.  Studies  show 
that  many  baby  boomers  will 
continue  to  work  in  some 
capacity  beyond  retirement 
age.  Many  will  want  reduced 
hours  and  responsibilities 
as  well  as  flexible  schedules. 
Some  might  also  want  to  re¬ 
tain  their  senior-level  benefits, 
such  as  long  vacations.  “The 
baby  boomer  group  is  going  to 
have  a  lot  of  different  effects 
on  what  jobs  look  like,  what 
retirement  is,”  Schooley  says. 

IT  shops  are  already  mak¬ 
ing  adjustments,  because  the 
market  for  workers  has  tight¬ 
ened  considerably  in  the  past 
year  or  so,  says  Gilbert.  He  ex¬ 
pects  that  the  competition  for 
talent  will  only  become  fiercer 
as  boomers  retire  en  masse. 

IT hiring managers will have to
be  more  receptive  to  candidates  who 
have  taken  e-learning  and  noncollege 
technology  courses,  Gilbert  says.  They 
also  need  to  work  with  other  manag¬ 
ers  to  identify  rising  stars  throughout 
the  company  and  provide  them  with 
cross-functional  training.  “You  have 
to  manage  your  own  talent  across  the 
enterprise,”  he  says,  adding  that  such 
direction  has  to  come  from  the  top  to 
ensure  that  companies  identify  and 
track  such  individuals  and  get  them 
the  training  and  education  they  need. 
“Companies  need  to  be  in  touch  with 
their  employees,”  Gilbert  says.  “That’s 
key  to  hanging  on  to  them.” 

All  Welcome 

Such  strategies  have  worked  for  Don¬ 
ald  Newsom,  vice  president  of  IT  at 
Caraustar  Industries  Inc.,  an  integrated 
manufacturer  of  recycled  paperboard 
in  Austell,  Ga.  Newsom  started  as  a 
bookkeeper  at  Caraustar  in  1974,  be¬ 
fore  moving  into  what  was  then  data 
processing.  He  now  draws  many  of  his 
own  new  IT  workers  from  other  fields. 
Some  started  as  switchboard  operators, 
receptionists  and  mill  workers. 

Newsom sends these workers for focused training or college degrees or pairs them with mentors. “I will take a person who gets along very well and works hard, and I can make them anything they want to be,” he says.

Newsom  says  he  can  do  this  because 
of  the  culture  he  has  established.  Be¬ 
cause  he  and  other  managers  came  to 
IT  from  other  business  disciplines,  new 
hires  from  other  fields  know  they’re 
welcome.  He  invests  in  training  and 
development.  And  he  tracks  employees’ 
interests  and  progress,  which  allows 
him  to  know  their  strengths  and  talents. 

“It’s  perfectly  acceptable  for  some¬ 
one  to  come  up  through  another 
discipline,  as  long  as  they  know  that 
managing  IT  is  a  discipline  all  its  own 
—  and  they  get  a  graduate  degree  or 
get  the  credentials  to  do  that,”  says  Dan 
Gingras,  a  partner  in  the  IT  leadership 
practice  at  Tatum  LLC,  an  executive 
consulting  and  services  firm  in  Atlanta. 

Gingras  should  know.  He  worked 
in  journalism  for  seven  years  before 
he  learned  programming  skills  in  the 
early  1980s.  He  worked  his  way  up  to 
serve  as  CIO,  CTO  and  even  CEO  at 
numerous  companies. 

“I  think  we’re  going  to  see  many 
more  [IT]  people  coming  from  inside 
the  company  but  outside  the  IT  orga¬ 
nization,”  he  says,  adding  that  with  the 
changing  demographics,  smart  CIOs 
will be welcoming them.


Pratt  is  a  Computerworld  contributing 
writer  in  Waltham,  Mass.  Contact  her  at 
marykpratt@verizon.net. 

Welcome to the Managers' Forum! I hope this monthly column will provide a lively exchange of ideas with IT managers. I’ll do my best to answer your questions, and some of your responses will run alongside in “Readers Talk Back.” Please send your questions, comments and critiques to me at pglen@c2-consulting.com.


Management  wants  perfect  proj¬ 
ects  but  won't  allocate  enough 
time  to  test  our  products.  How 
do  I  persuade  them  to  allot  more 
time? 

Before  we  consider  managing 
your  boss’s  demands,  let’s  ad¬ 
dress  one  of  the  assumptions  behind 
your  question.  You  seem  to  assume 
that  given  adequate  time,  you  can  actu¬ 
ally  deliver  perfect  products.  This  is  a 
dangerous  delusion.  Even  given  infinite 
time,  you’re  unlikely  to  achieve  perfec¬ 
tion,  but  with  enough  time,  you  can 
deliver  craftsmanlike  work.  So  before 
trying  to  persuade  your  boss  to  length¬ 
en  testing  time,  you  need  to  adjust  your 
own  definition  of  success. 

And  now,  to  your  boss.  A  couple  of 
different  approaches  come  to  mind. 
First,  let’s  consider  the  professional  ap¬ 
proach  to  the  problem.  Start  by  telling 
the  brutal  truth.  Explain  to  your  boss 
(who  probably  already  understands 
this  anyway)  that  perfect  projects  and 
bug-free  products  don’t  exist.  When  a 
manager  asks  you  for  something  that’s 
not possible, don’t simply salute and say yes. It’s your responsibility to let
him  know  about  reality.  If  I  ask  my 
doctor  to  make  me  29  years  old,  and  he 
says  OK  and  starts  prescribing  drugs, 
that’s  malpractice.  If  your  boss  asks 
you  to  deliver  perfection  and  you  don’t 
protest,  that  is  a  form  of  malpractice, 
too.  You  have  the  same  responsibilities 
to  your  supervisors  as  independent 
professionals  have  to  their  clients. 

Next,  explain  that  if  quality  is  to  be 
your  first  priority,  you  need  to  priori¬ 
tize  other  constraints  on  the  project: 
schedule,  budget  and  feature  set.  Work 
with  management  to  make  appropriate 
trade-offs  given  the  business  situation. 
If  they  tell  you  that  all  four  are  top  pri¬ 
orities,  you’ll  need  to  explain  that  that’s 
not  possible. 

Of  course,  not  every  boss  responds 
well  to  the  constraints  of  reality,  so  you 
may  need  to  couple  this  with  a  differ¬ 
ent  approach.  Let’s  call  it  appealing  to 
his  rational  self-interest. 

When  a  boss  demands  perfection, 
there  are  usually  a  few  common  causes, 
including  personal  ambition,  self- 
delusion  or  pass-through.  Personal 
ambition  leads  a  manager  to  think  that 
if  he  can  get  his  people  to  do  the  seem¬ 
ingly  impossible,  then  his  personal 
career  prospects  will  benefit.  The 
smarter  manager  with  this  motive 
will  not  promise  his  boss  as  much  as 
he  asks  from  his  subordinates,  so  as 
to  underpromise  and  overdeliver. 

A  self-deluded  manager  believes 
that  great  leaders  demand  and  get  the 
impossible.  He  has  come  to  believe 
that  the  sheer  force  of  his  demands  can 
overcome  the  constraints  of  nature. 
These  are  rather  dangerous  people, 
since  reason  often  doesn’t  seem  to 
penetrate  too  deeply  for  them. 


Finally,  pass-through  occurs  when  a 
manager  has  a  demanding  boss  himself 
who  asks  for  the  impossible.  The  man¬ 
ager  abdicates  his  own  professional 
responsibility  to  manage  his  manager’s 
expectations  and  just  passes  through 
the  request  for  supernatural  acts. 

So,  to  effectively  appeal  to  your 
boss’s  rational  self-interest,  you’ll  have 
to  guess  at  his  motivation  for  request¬ 
ing  the  impossible.  If  it’s  self-delusion 
or  pass-through,  you  can  explain  that 
you  are  concerned  that  he  and  you  will 
look  bad  by  trying  to  do  something  so 
difficult  and  that  you  would  both  ben¬ 
efit  from  scaled-down  expectations. 

If  your  boss  is  solely  motivated  by 
personal  ambition,  you’ve  got  a  tough 
job,  since  he  already  knows  that  he’s 
being  unreasonable.  You  can  explain 
that  such  unrealistic  demands  may 
damage  employee  morale  and  produc¬ 
tivity.  Groups  faced  with  impossible 
tasks  often  shut  down  and  deliver 
nothing.  Promising  his  own  boss  less 
and  then  meeting  or  exceeding  those 
expectations  can  serve  his  purposes 
better  than  risking  the  whole  project  by 
losing  the  support  of  the  staff. 

Q Since age 22, I have run health
care  facilities  with  an  average  of 
100  employees.  I  am  interested  in 
furthering  my  education,  but  I  am 
confused  about  executive  MBA 
and  regular  MBA  courses  of  study. 
What  are  the  differences? 

Every  degree  program  is  unique,  but 
I  can  point  out  some  common  differ¬ 
ences  I’ve  noticed  between  regular  and 
executive  MBAs. 

1.  The  schedule  in  an  executive  MBA 
program  is  usually  adjusted  to  meet  the 
needs  of  those  in  demanding  positions. 

2.  Your  peers  in  the  executive  MBA 
program  will  be  experienced  manag¬ 
ers  who  are  working  full  time.  Peers 
can  make  a  big  difference  in  the  qual¬ 
ity  of  discussion  and  learning.  Given 
your  extensive  experience,  if  you  go 
to  a  general  MBA  program  populated 
by  twentysomethings  who  have  never 
managed  much  of  anything,  you  will 
probably  be  disappointed  by  the  qual¬ 
ity  of  group  discussion.  Also,  in  an  ex¬ 
ecutive  program,  the  people  you  add 
to  your  personal  network  will  be  more 
experienced. 

3.  Most  executive  MBA  programs 
cover  the  same  general  territory  as 
full-time  programs,  but  not  necessari¬ 
ly  in  as  much  depth.  Working  students 
don’t  have  time  to  read  as  much  or 
analyze  as  many  cases  as  full-timers. 
Instructors  may  also  skim  over  some 
material,  figuring  that  you’ve  already 
picked it up.


READERS  TALK  BACK 

More on Project

On the question of a project manager being dependent upon outside people, here are some approaches I have used in the past in similar situations:

■  Communicate  your  needs  early 
and  often  to  outside  stakeholders 
and  their  supervisors.  Make  sure 
they  know  what  is  coming  so  that 
they  can  plan  for  it.  It  is  often 
best  if  you  ask  for  their  advice. 

If  you  can  get  them  to  describe 
the  necessary  steps,  you  will  be 
much  more  likely  to  get  results 
when  the  time  comes. 

■ Establish an informal relationship with your outside stakeholders. Try meeting them for coffee,
lunch  or  general  bull  sessions.  It 
makes  it  much  easier  to  discuss 
conflicting  interests  if  you  have 
previously  established  a  friendly 
relationship.  You  may  not  always 
get  everything  you  want,  but  you 
can  negotiate  fair  trade-offs. 

■  Use  periodic  risk-analysis  ses¬ 
sions  to  prebrief  your  sponsor  on 
potential  problems.  Don’t  wait  for 
the  problem  to  arise  before  let¬ 
ting  your  sponsor  know  about  it. 

■  Often,  your  sponsor  can  pro¬ 
vide  subtle  backdoor  influence 
regarding  departments  outside 
your  direct  control.  Don’t  be  a 
whiner,  but  dependencies  on  oth¬ 
er  personnel  should  be  discussed 
as  a  risk  far  in  advance.  And  in 
particularly  political  environ¬ 
ments,  a  mitigation  plan  should 
be  discussed  with  your  sponsor. 

Rarely  does  a  project  manager 
have  control  over  all  of  the  people 
and  things  that  may  affect  his 
project.  In  the  best  case,  commu¬ 
nications,  both  formal  and  infor¬ 
mal,  can  prevent  difficulties  from 
arising.  But  in  the  worst  case,  it 
ensures  that  the  difficulty  is  not  a 
surprise  to  anyone.  -  W.M. 

Thanks for your thoughtful comments. Great ideas all.

Thanks for sharing the techniques. I think that you’re right. No amount of methodology or formal commitment can substitute for a sti sssional relationship with the sponsor.

-PAUL GLEN

HELPING GIRLS GET IT!

One group that is trying to do something about the dearth of students entering the IT profession - and aiming specifically at girls - is the Michigan Council of Women in Technology.

It  was  the  spark  behind  the  formation 
of  a  club  at  University  High  School 
in  Ferndale,  Mich.,  with  the  catchy 
name  GET  IT  (which  is  an  acronym  of 
the  not-so-catchy  Girls  Exploring  To¬ 
gether  Information  Technology).  The 
idea  behind  the  club,  according  to  a 
story  in  the  Detroit  Free  Press,  is  to 
prepare  girls  for  careers  in  computer 
technology,  math  and  science. 


RFID  Talent  Pool 


CompTIA  has  launched  RFID+,  a  vendor- 
neutral  professional  certification  of  skills  in 
radio  frequency  identification  technology 
that  addresses  the  needs  of  RFID  hardware 
and  software  manufacturers,  value-added 
resellers,  training  developers  and  end  users 
of  the  technology.  The  certification  was 
developed  using  contributions  from  more 
than  20  organizations  at  the  forefront  of  the 
RFID  industry. 


75%: Percentage of companies that don’t believe there is a sufficient pool of talent in RFID technology from which to hire.

Base: 80 mostly North American companies

SOURCE: THE COMPUTING TECHNOLOGY INDUSTRY ASSOCIATION INC., JANUARY 2006


A  government  report  forecasts  tremendous  growth  in  the  need  for  computer  scientists 
and  database  administrators  over  the  next  eight  years,  but  almost  none  at  all  for  program¬ 
mers.  The  report  says  that  increased  emphasis  on  information  security  is  behind  the 
former  group's  shining  prospects.  It  adds,  though,  that  programming  jobs  will  be  harder  to 
find  “as  software  and  outsourcing  eliminate  many  routine  programming  tasks.”  Things  will 
be  especially  tough  for  those  without  formal  education,  the  report  says. 

[Table: Employment, 2004; Projected employment change, 2004-14; Percentage change]

SOURCE: U.S. BUREAU OF LABOR STATISTICS, OCCUPATIONAL OUTLOOK QUARTERLY, SPRING 2006


Katherine Spencer Lee

TITLE: Executive director

ORGANIZATION: Robert Half Technology

Robert Half, a provider of IT staff on a project and full-time basis, sees a battle for IT talent in the offing. Computerworld's Jamie Eckle spoke about the trend with Spencer Lee.


What  evidence  does  Robert  Half  see  of 
a  shift  in  the  employment  market  from 
employer-driven  to  employee-driven? 

We're  finding  real  evidence  both  in  our  re¬ 
search  and  in  our  everyday  interactions  with  IT 
hiring  managers  and  job  applicants.  Research 
conducted  for  the  Robert  Half  Technology 
2006  Salary  Guide  finds  that  average  start¬ 
ing  salaries  for  all  technology  positions  are 
expected  to  climb  3%  this  year.  Much  greater 
increases  are  projected  for  positions  like  IT 
auditor  (11.2%),  lead  application  developer 
(5.3%)  and  network  security  administrator 
(5.2%).  These  gains  are  a  reaction  to  a  tight¬ 
ening  labor  pool  for  certain  specialties  and 
a  sign  that  employers  are  beginning  to  more 
aggressively  compete  for  candidates. 

In  addition,  according  to  the  Robert  Half 
International  and  CareerBuilder.com  EDGE 
Report,  nearly  half  of  surveyed  employees  say 
they  are  likely  to  seek  new  positions  at  other 
companies  within  the  next  three  years.  And 
60%  said  they  would  be  more  likely  to  nego¬ 
tiate  compensation  packages  now  than  even 
one year ago. Although the survey included respondents from a variety of industries, the results are no less true within IT departments.

In  what  might  be  the  most  telling  sign  of 
the  shifting  market,  anecdotal  feedback  from 
the  IT  hiring  managers  with  whom  we  work 
suggests  they  have  to  work  harder  to  attract 
and  hire  the  best  candidates,  many  of  whom 
are  receiving  job  offers  from  multiple  employ¬ 
ers.  CIOs  who  delay  the  employment  process 
too  long  are  finding  their  top  choices  accept¬ 
ing  positions  elsewhere. 

Is  this  increasing  recruiting  costs? 

While  we  are  unlikely  to  return  to  the  hiring 
levels  of  the  late  1990s,  companies  are  increas¬ 
ingly  recognizing  that  some  of  the  recruitment 
strategies  made  popular  during  the  dot-com 
era  are  needed  to  attract  high-demand  IT  talent 
today. 

In  addition  to  salary  increases  and  hiring 
bonuses,  many  firms  are  investing  in  more  cre¬ 
ative  tactics.  Innovative  firms  are  targeting  in¬ 
dividuals  with  specific  skill  sets  by  maintaining 
a  presence  at  venues  where  they’ll  be,  such  as 
user  group  meetings,  and  tracking  blogs  aimed 
at  these  professionals.  Advertising  or  posting 
jobs  on  Web  sites  and  in  e-newsletters  targeted 
at  those  same  groups  can  also  be  effective. 

Whatever  these  increased  recruiting  costs 
may  be,  smart  companies  realize  that  they’re 
far  less  than  the  potential  costs  associated 
with  losing  top  talent  to  the  competition. 

Anecdotally, we hear a lot about IT professionals with lots of experience who can’t find jobs. How do you explain the discrepancy there?

The old passage “a rising tide lifts all boats” applied more to the IT employment boom of the late '90s than it does to growth today. Because CIOs are seeking candidates with very specific skill sets - including technical expertise, industry experience, well-developed soft skills and business savvy - not all IT professionals are feeling the recent gains in employment.


MULTISOURCING

Most job candidates use more than one source for their job searches:

■ Internet, newspaper, other: 31.1%
■ Internet, newspaper: 18.7%
■ Newspaper only: 16.1%
■ Newspaper, other: 9.3%
■ Internet only: 8.4%
■ Other only: 8.4%
■ Internet, other: 8%

Base: Survey of 5,000 households

SOURCE: THE CONFERENCE BOARD, DECEMBER 2005



Easy exercises to get your
mind  in  gear.  By  Gary 


THE  MEMOIR  of  John  Lennon’s 
first  wife,  Cynthia,  tells  how 
the  Beatles  —  ready  for  new 
ways  of  thinking  —  visited 
the  ashram  of  Maharishi  Mahesh  Yogi. 
Ringo  ran  out  of  the  canned  food  he 
had  brought  along  and  went  home  after 
two  weeks.  Paul  left  a  few  days  later 
but  became  a  lifelong  vegetarian.  John 
and  George  stayed  two  months.  John 
wrote  a  nasty  song  about  the  Mahari¬ 
shi,  and  George  integrated  the  teach¬ 
ings  into  his  daily  life. 

Twice  a  year,  Bill  Gates  spends  seven 
thoughtful  days  in  retreat.  He  reads, 
reportedly with a self-enforced rule: No e-mail or phone calls. He’s been
doing  it  since  the  1980s,  at  first  while 
visiting  his  grandmother,  and  in  recent 
years,  at  a  secluded  waterfront  cottage 
in  the  Pacific  Northwest.  Last  year,  The 
Wall  Street  Journal  reported  that  after 
requesting  papers  from  Microsoft  em¬ 
ployees,  Gates  started  reading  on  sub¬ 
jects  like  computing  trends,  education 
product  strategy  at  Microsoft,  Virtual 
Earth,  Internet  worms,  speech  synthe¬ 
sis,  and  office  and  video-game  product 
strategies. 

Not  every  CIO  can  arrange  a  retreat 
as  exotic  as  the  Beatles’  or  as  practical 
as  that  of  Gates.  But  there  are  things 
you  can  do  during  the  course  of  a  day 
to  keep  your  mind  sharp  and  your 
thinking  critical  and  fresh.  Here  are  a 
few  suggestions: 

1. LEARN SOMETHING NEW. “It’s hard to find the time, [but you must] keep putting yourself in situations where you learn things,” says Lisa Hooks, deputy director of IT services at the Library of Congress. She’s making sure that happens by pursuing a certificate in advanced project management from Stanford University, but you can also do it by walking into another department and watching people work.

2. CHANGE YOUR FOCUS. For a fresh view of a business problem, Gregg Levoy, author of Callings: Finding and Following an Authentic Life (Three Rivers Press, 1998), says to step back and think about a nonwork passion at which you are successful. What does that activity demand? What challenges have you faced, and what have you achieved? Then see if you can find a way to relate that to your current work issue.

3.  GET  OFF  SCRIPT.  “Scripted  think¬ 
ing”  serves  us  well  80%  to  90%  of  the 
time,  says  Dennis  Heindl.  For  the  rest 
of  the  time,  he  advocates  what  he  calls 
“hard  thinking.”  Scripted  thinking  is 
like  being  on  autopilot;  hard  think¬ 
ing  is  like  flying  through  a  storm,  says 
Heindl,  who  was  an  IT  manager  for 
the  Bell  System  for  years  and  is  now 
president  of  Greendale,  Wis.-based  Nth 
Degree  Software  Inc.  It’s  the  kind  of 
thinking  used  in  goal  setting,  making 
tough  decisions  and  being  innovative. 

To  help  facilitate  hard  thinking, 
Heindl  has  come  up  with  exercises  he 
calls  “thinklets”  (see  below).  “They  al¬ 
ter  scripted  thinking  patterns,”  he  says. 
“They  are  designed  as  small  bursts  of 
mental  stimuli  that  can  be  as  simple  as 
one  question.” 

“Thinklets  can  be  viewed  as  ‘thought 
switches’  that  activate  patterns  that  are 
not  commonly  used,  leading  to  new  as¬ 
sociations,  relationships  and  ultimately 
new  ways  of  thinking,”  Heindl  says. 

A  simple  example:  Heindl  tells  of 
working  with  an  IT  manager  who 
couldn’t  decide  between  two  final 
candidates  for  a  job.  Heindl  told  him  to 
flip  a  coin.  When  the  manager  saw  the 
outcome,  he  said,  “How  about  two  out 
of  three?”  He  had  already  made  his  de¬ 
cision;  he  just  didn’t  know  it  yet. 

4. QUESTION ASSUMPTIONS. Peter Stockhausen sharpens his critical thinking with a decision-making tool called sensitivity analysis. It’s an exercise that looks at a proposal with the assumption that the actual cost or time will overrun to a certain degree. “It’s a way to take a look at what that does to the benefits,” says the former CIO of Manpower Inc., who is currently a principal at Wauwatosa, Wis.-based Silver Bullet Consultants LLC.

“How sensitive is the decision to all the parameters that were put into it?” he asks. “Adjust each of those and make them worse by 20%.” If the benefits remain, then you probably have a winning idea, he says.

5. SEE YOURSELF AS OTHERS SEE YOU. “There were times when I didn’t necessarily understand enough about myself,” says Ed Goldman, vice president of enterprise operations at Bethesda, Md.-based Marriott International Inc. He recalls an experience during an MBA course that revealed this and led him to a new way of thinking. After a role-playing exercise, two classmates evaluated Goldman’s performance, and their comments surprised him. “It’s amazing how your perceptions about what you’re like can be changed when you see what somebody else thinks about you,” he says.

An everyday way to work on self-knowledge, Levoy suggests, is to keep a personal journal. This may not only help you know yourself better — it may raise red flags about issues before they become crises.

However you choose to stay sharp, don’t leave it to chance. Find a tool that works for you and apply it. As Maharishi Mahesh Yogi is said to have counseled, “Whatever we put our attention on will grow stronger in our life.”

Shea is a freelance writer in Bayside, Wis. Contact him at garytshea@att.net.

More “Thinklets”

Here are some “thinklets” from Silver Bullet Consultants principal Dennis Heindl to help keep your mind limber.

PERSONAL VISIONING: Consider the problem, project or idea. In five minutes, writing as quickly as you can, answer questions like, “What do I want to do?” and “What will this be like when it is done?” No pauses! This technique brings information from the subconscious to the surface.

TAP YOUR SUBCONSCIOUS: Plant a request to your subconscious; then go to lunch, take a walk or get a good night’s sleep. Later, check back for a response.

REVERSE THINKING: Start your analysis from another direction. A famous example: Instead of asking, “How can we get our workers to the material?” Henry Ford asked, “How can we get the materials to our workers?”

OTHER VIEWPOINTS: Find other perspectives on an issue or project, such as fresh eyes, unbiased eyes or future eyes.

ATTRIBUTE BRAINSTORMING: Get down to basics: size, weight, color, duration, strength. This is useful for product improvements and can also lead to other kinds of insights.

HIGH-PERFORMANCE VIEW: Have you ever been “in the groove,” where everything is humming along and the productivity is high? What did it take? Think of how to create an environment that supports it.

SWOT: Identify strengths, weaknesses, opportunities and threats related to the problem, project or idea. This is a very useful technique in strategic planning sessions.

JUST START: Do something. The smallest task, like picking up the phone or even looking up a phone number, can often get the mental wheels turning.

-GARY SHEA


CIO Priorities For 2006

To what extent will each of the following affect your enterprise in 2006?

TREND                                                       2006 RANK   2005 RANK
Improving business processes                                1           1
Controlling operational costs                               2           3
Attracting/retaining/growing customer relationships         3           *
Supporting competitive advantage                            4           4
Improving bottom-line profitability                         5           *
Expanding the use of information in products and services   6           7
Security breaches and disruptions                           7           2
Need for revenue growth                                     8           6
Faster innovation                                           9           10
Data protection/privacy                                     10          5

*NEW QUESTION IN 2006

To what extent will each of the following be a priority for you in 2006?

ACTION                                                      2006 RANK   2005 RANK
Delivering products that enable business growth             1
Linking business and IT strategies                          2           2
Building business skills in IT                              3           9
Demonstrating the business value of IT                      4           3
Attracting/developing/retaining IT personnel                5           *
Applying metrics to the IT organization and services        6           4
Improving the quality of IT services                        7           7
Achieving a flexible IT infrastructure                      8           *
Improving IT governance                                     9           10
Consolidating IT organization and operations                10          8

*NEW QUESTION IN 2006

Base: 1,400 CIOs

SOURCE: 2006 GARTNER EXP SURVEY (CONDUCTED SEPTEMBER-DECEMBER 2005)


BARBARA GOMOLSKI

Up to the Challenge?

CIOs across the U.S. will tell you that one of their top priorities today is helping their companies take advantage of the improving economy. Specifically, business executives are all aflutter about the huge opportunities in emerging markets such as Asia and, specifically, China.

I, too, am excited about the opportunities of a global economy, but I’m also concerned that executives are in danger of woefully underestimating what it takes to build a truly global IT presence. Consider the following examples:

■ A multibillion-dollar consumer packaged goods firm has standardized on SAP for ERP, but because of a lack of consistency in business processes across the organization, it has been unable to implement a single instance outside the U.S. As a result, it is not getting the maximum value out of this significant IT investment.

■ Google recently announced that it will set up a new site for the Chinese market. It will censor itself to satisfy Chinese government authorities.

■ A CIO at a manufacturing firm laments that countries outside of the U.S. have pushed back on some corporate technology standards, claiming that these technologies are too costly for emerging markets.

I could go on, but you get the point: Doing global IT is a lot harder than it looks. Today, I run into lots of CIOs at companies that operate around the world, but almost none has a truly global IT organization. Almost none has a standard set of IT services that is consistent everywhere. Almost none has a centralized mechanism for managing risk, compliance and regulatory matters. Almost none has an enterprise architecture that stretches across continents. Almost none has a central resource-management capability that allows human capital to be managed and leveraged optimally across the globe.

Will IT ever be global? One could argue that IT will never be centrally managed around the world. Language and currency issues mean some applications may have to be swapped out in unsupported geographies. The unavailability of infrastructure will also impede some efforts to deploy standard technology everywhere. Finally, some might argue that it’s not desirable to run a global IT function from a central location. The cultural issues alone suggest that it may be best to keep IT closer to the local business units.

Still, the notion of having a CIO (and a supporting group of IT professionals) on every continent seems to be a model that’s headed for extinction. It’s too costly — both in terms of well-paid professionals and in terms of the duplication and conflicts that it causes. So, let’s assume that establishing a fairly centralized, global model is what large organizations will want to do. Here are the issues they are going to confront and what they can do about them:

The battle for control. If you are in a multinational company that currently has several CIOs (or a country-specific IT function), who is best positioned to lead your IT organization? Usually, the CIO at headquarters has a big advantage politically, but he isn’t always the right choice.

Once the leadership is decided upon, however, there will still be IT people in far-flung places, and these people may not be highly motivated to support the global CIO. It’s essential that performance metrics be closely linked to cooperation with global IT management, or else there’s a good chance that cooperation won’t happen.

Technology challenges. As I mentioned above, there will always be exceptions to global technology standards. To the extent that the organization can standardize its core systems, however, it will move a long way toward a global model.

The cultural issues. We all know that working with individuals from other cultures is a challenge. These issues are magnified when there are multiple locations involved. Selecting a global IT leader who is a strong communicator is a must. Choosing someone who has worked in several areas of the world would also be advantageous.

The geopolitical issues. As the Google example illustrates, there are myriad issues that will affect the deployment of technology globally. Organizations will need to develop a competency within IT to evaluate the risks and opportunities of expanding into certain geographies.

Building a global IT function is fraught with challenges. It will be essential, however, if organizations expect to capitalize on the wealth of business opportunities around the world.

reporter, is a vice president at Gartner Inc., where she focuses on IT financial management. Contact her at barbgomolski@yahoo.com.

WANT OUR OPINION? www.computerworld.com/columns
MySQL

signed to support “very modern, what some call ‘Web 2.0,’ types of applications,” Mickos said.

MySQL is unusual among database vendors in that it lets users easily switch between underlying storage engines. That’s a big plus in the eyes of David Krings, a Web developer at Ingersoll-Rand Co.

Krings currently uses MyISAM, a third-party product that is shipped with MySQL as its default storage engine. But he said he would welcome the availability of more engines.

He added that he values “platform flexibility over ultimate performance” for the databases at Ingersoll-Rand, a Hamilton, Bermuda-based manufacturing conglomerate.

Mickos said MySQL wants to increase the number of available engines in order to boost the appeal of its database to customers that are moving to service-oriented architectures.

“We’ll let users switch between a V-4 engine and a V-12 without having to get out of their car,” he said.

Currently, the most popular storage engine for MySQL is InnoDB, which was developed by Innobase Oy in Helsinki, Finland. Oracle bought Innobase last October, sparking fears that MySQL users might be cut off from using InnoDB.

Then, in February, Oracle acquired Sleepycat Software Inc., a Lincoln, Mass.-based company that had also developed a storage engine for MySQL.

Earlier this month, Oracle agreed to continue developing InnoDB for MySQL for an undisclosed number of years. Even so, many users are seeking alternatives to InnoDB, according to Mickos, who confirmed reports that he recently turned down a buyout offer from Oracle.

Jeremy Cole, a former MySQL employee who now oversees about 8,000 installations of the open-source database at Yahoo Inc., said the company uses MyISAM for applications that mostly require data reads, and InnoDB in cases where many end users may be writing information to the database simultaneously.

Cole called InnoDB a “great” technology. But he also said it is “somewhat poorly integrated” with MySQL, lacks features such as full-text search and online configuration changes, and has weak support for referential integrity.

“If a new storage engine offered InnoDB’s current feature set without those problems and was stable, I would switch in a heartbeat,” Cole said. He added, however, that he doesn’t expect any new storage engines “to really be ready for use for another year or so.”

Solid Information Technology Inc., a Cupertino, Calif.-based maker of embedded and in-memory databases, last week said it is developing an open-source storage engine that will work with MySQL.

A prototype is due for release today, and the company said it plans to start beta-testing the software in July. Commercial shipments are expected to begin in the fourth quarter.

At this week’s user conference, several other vendors and open-source projects are expected to announce plans to build MySQL storage engines, Mickos said, but he declined to identify the companies.

Like Cole, Boyd Hemphill, a database administrator at the Texas Region XIII Education Service Center in Austin, uses both InnoDB and MyISAM.

But Hemphill said he isn’t looking to make any changes.

“Unless somebody shows me a storage engine that really blows my socks off,” he said, “I’ve got too much invested in these already to switch.”


More Technology

At its user conference this week, MySQL AB also plans to:

■ Demonstrate a MySQL 5.1 beta release with new functionality in areas such as business intelligence and high availability.

■ Announce enhancements to the MySQL Network that are aimed at helping database administrators at smaller companies.

■ Preview MySQL Workbench, an upcoming database design tool with a graphical user interface.


100  Years  After  San  Francisco 
Quake,  IT  Units  Are  Prepared 


BY  SHARON  FISHER 

The  earthquake  that  destroyed 
much  of  San  Francisco  100 
years  ago  last  week  wasn’t  a 
one-shot  disaster.  The  U.S. 
Geological  Survey  estimates 
that  there’s  a  62%  chance  an 
earthquake  similar  in  scope  to 
the  one  on  April  18, 1906,  will 
hit  the  San  Francisco  Bay  area 
during  the  next  30  years. 

And  lest  Southern  Califor¬ 
nians  get  too  sanguine,  the 
probability  is  the  same  for  a 
similarly  strong  quake  there  in 
the  same  time  span. 

With  that  in  mind,  IT  man¬ 
agers  at  HOB  Entertainment 
Inc.  in  Hollywood  are  discuss¬ 
ing  whether  to  replicate  the 
company’s  data  to  a  remote  fa¬ 
cility  in  Quincy,  Wash.,  where 
it  operates  an  amphitheater 
complex. 


“It’s  a  great  location  for 
collocation,”  said  Adrian 
Black,  manager  of  network 
operations  in  the  department 
of  information  systems  and 
technology  at  HOB.  “That  is 
such  a  remote  location,  and  we 
own  the  buildings.” 

The  Quincy  facility  al¬ 
ready  houses  a  T1  line,  and  a 
lOOMbit/sec.  Internet  connec¬ 
tion  is  about  to  be  installed 
there,  Black  said. 

HOB,  which  operates  the 
House  of  Blues  clubs  plus 
other  performance  venues,  is 
concerned  that  an  earthquake 
could  cause  significant  dam¬ 
age  to  its  headquarters  in  an  18- 
story  building,  Black  said.  He 
noted  that  the  facility  houses 
HOB’s  central  IT  operations 
and  that  the  company’s  key  fi¬ 
nancial,  accounting,  legal  and 


marketing  applications  are  all 
run  on  systems  at  the  site. 

Earthquake  fears,  along 
with  a  move  by  IT  manager 
Sean  Anderson  to  work  re¬ 
motely  in  Washington  state, 
triggered  Irvine,  Calif.-based 
Comarco  Inc.  to  build  a  disas¬ 
ter  recovery  center  in  Spokane 
late  last  year. 

The  decision  came  about 
two  years  after  Anderson 
moved  there  when  his  South- 


»Most  of  the  stuff  I 
worry  about 
in  terms  of  real-time 
recovery  are  small 
kinds  of  disasters. 


STEVEN  PERRY,  IT  DIRECTOR, 
COSTELLO  &  SONS  INSURANCE 
BROKERS  INC. 


ern  California  home  was 
destroyed  by  wildfires.  “Since 
I’m  up  here  and  electricity  is 
cheap  in  Spokane  and  rental 
space  is  cheap,  it  made  sense,” 
Anderson  said. 

Once  it’s  completed,  the 
Comarco  disaster  recovery 
system  will  replicate  its 
mission-critical  software, 
which  includes  MK  Enterprise 
ERP  software  from  SSA  Global 
Technologies  Inc.,  data  stored 
on  its  SQL  Server  database, 
engineering  source  code  and 
Exchange  e-mail  data. 

Comarco, a provider of wireless
products and services, in
November installed a disaster
recovery system from Double-Take
Software and is gradually
replicating  more  and  more  data. 

San  Rafael,  Calif.-based 
Costello  &  Sons  Insurance 
Brokers  Inc.,  which  provides 
liability insurance for technology
firms, has a four-part
disaster recovery method that
should provide adequate security
to the company’s data in
the event of a minor disaster,
but not necessarily a major one,
said IT director Steven Perry.

First,  the  company  has 
redundant servers in its headquarters
offices, and second,
all the data is backed up to
tape at an off-site location in
a bank vault across San Francisco
Bay, Perry said.

The third part of the security
plan requires all workers to
use  removable  external  hard 
drives,  while  the  final  disaster 
recovery  system  is  what  Perry 
called  a  “doomsday  book”  —  a 
laptop  with  a  100GB  drive  and 
enough  batteries  to  run  the 
business  for  about  a  day.  The 
laptop  is  taken  off-site  each  day. 

Perry  acknowledged  that 
the  strategy  may  not  keep  the 
company running through major
disasters. “Most of the stuff
I worry about in terms of real-time
recovery are small kinds
of disasters,” he said, adding
that during “big-time disasters,
I tend to think we would be offline
for more than the amount
of time that having instantaneous
recovery requires.”
FRANK HAYES ■ FRANKLY SPEAKING

Return  to  Normal 


THINGS  should  start  getting  back  to  normal  this  week  at 
New  Hampshire’s  Office  of  Information  Technology. 
There was, it seems, no hacker attack on a state server after
all. The Cain & Abel tool wasn’t used to grab credit
and  debit  card  numbers.  It  turns  out  the  whole  thing  was 
probably  just  a  misunderstanding  (see  story,  page  16). 

That  could  have  been  avoided  —  should  have  been,  in  fact.  But  once 
it  looked  like  there  was  a  security  breach,  the  OIT  did  the  right  thing 
by  going  public  with  the  news. 

Now  it’s  time  to  do  something  else  right:  Document  everything. 


Yes,  that  does  sound  pretty  dull.  But  it  would 
have avoided lots of the wrong kind of excitement.
For those who haven’t followed the story,
on Feb. 15, the OIT announced that the Cain &
Abel password-recovery tool had been discovered
on a server during a security sweep. Cain &
Abel  has  been  used  by  attackers  in  the  past,  and 
OIT  officials  feared  the  worst.  They  notified  the 
public,  warned  potential  victims,  called  in  the 
FBI  and  launched  an  investigation. 

They  also  reportedly  placed  OIT  employee 
Douglas A. Oliver on leave. He later told Computerworld
that he’d installed Cain & Abel as part of
a  security  test.  Oliver  said  last  week  that  he  has 
been  cleared  to  return  to  work  April  25. 

According to Oliver, in early February, OIT security
testers using Cain & Abel and other tools
discovered a slew of problems on state servers:
DNS cache poisoning, unencrypted administrative
password files, still-active accounts for ex-employees
and a SQL Slammer worm infestation.

On  Feb.  10,  OIT  workers  began  to  patch  all 
the  state’s  SQL  Server  installations  to  block  SQL 
Slammer.  On  Feb.  15,  the  state  announced  the 
Cain  &  Abel  “breach,”  and  Oliver  was  put  on  paid 
leave  two  days  later. 

Why was Oliver fingered? Probably
because he installed Cain & Abel
under  his  security  credentials,  just  as 
he  was  supposed  to.  But  why  did  the 
OIT  identify  Cain  &  Abel  as  the  big 
problem  rather  than  SQL  Slammer, 
which  posed  a  more  direct  threat? 

It’s  hard  to  say  for  sure,  because 
OIT  officials  aren’t  talking.  It  might 
have  been,  say,  a  clever  ruse  to 
mislead  potential  attackers.  More 
likely,  executive-level  types  were  just 
confused  over  what  kind  of  malware 
was  involved,  who  might  have  put  it 
on  the  state’s  systems,  and  how  and 
where  the  real  risks  were. 


No  matter.  Confused  or  not,  those  officials 
didn’t  try  to  cover  up  the  problem.  They  took 
quick  action  and  risked  embarrassment  by  going 
public.  Good  for  them. 

But  now  that  the  security  mess  appears  to  be 
cleaned  up,  there’s  something  they  should  do  to 
prevent  future,  um,  excitement. 

They should make sure that everything on production
servers is documented. That all changes
are  logged.  And  that  those  logs  are  kept  secure, 
so  they’ll  actually  be  useful  next  time  there’s 
something  to  investigate. 

Full documentation of what went on the servers,
and when, would have cleared Oliver by confirming
when and why he installed Cain & Abel.
Inventories  would  have  allowed  OIT  staffers  to 
identify  anything  else  on  the  servers  that  wasn’t 
an  authorized  installation.  Checksums  would 
have  helped  spot  modules  that  were  infected  by 
malware  or  replaced  by  intruders. 
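
The inventory and checksum checks described above can be automated. The following Python is an added example, not code from the column or from the OIT; the file names, installer names and CHG- change-record IDs are constructed sample data. It compares a server directory against a manifest of authorized installs and reports unrecorded, altered and missing files, along with who installed each authorized file and why.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Return the SHA-256 hex digest of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def audit(root, manifest):
    """Compare files under root with the manifest of authorized installs."""
    found = {"ok": [], "modified": [], "unauthorized": [], "missing": []}
    seen = set()
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        seen.add(rel)
        entry = manifest.get(rel)
        if entry is None:
            found["unauthorized"].append(rel)   # not in the inventory
        elif sha256_file(path) != entry["sha256"]:
            found["modified"].append(rel)       # checksum mismatch
        else:
            found["ok"].append((rel, entry["installed_by"], entry["reason"]))
    found["missing"] = sorted(set(manifest) - seen)
    return found


def demo():
    """Audit a constructed server tree after three undocumented changes."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data):
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        installs = [  # constructed records: path, content, installer, reason
            ("bin/dbsvc.exe", b"vendor build", "ops", "CHG-0001 database service"),
            ("bin/report.dll", b"report module", "ops", "CHG-0002 reporting"),
            ("tools/pwaudit.exe", b"audit tool", "sec-team", "CHG-0003 security test"),
        ]
        manifest = {}
        for rel, data, who, why in installs:
            put(rel, data)
            manifest[rel] = {"sha256": sha256_file(Path(root, rel)),
                             "installed_by": who, "reason": why}
        put("bin/dbsvc.exe", b"replaced after baseline")  # module swapped
        put("tmp/unknown.exe", b"unrecorded binary")      # never recorded
        Path(root, "bin/report.dll").unlink()             # silently removed
        return audit(root, manifest)
```

In practice the manifest is written when each change is approved and stored off the server it describes, so that someone who alters a file cannot also rewrite its recorded checksum.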

And  full  documentation  doesn’t  just  help 
against old-style threats like SQL Slammer. Rootkits,
the hot new problem, are designed to be
hard to spot. Knowing what an uninfected system
is supposed to look like, down to the details,
gives  IT  people  a  fighting  chance  at  catching  and 
dealing  with  a  rootkit. 

Sure,  keeping  tight  control  over 
what’s  on  servers  will  be  more  work. 
But the OIT already knows that procedures
have to be tightened up —
remember those unencrypted passwords
and ex-employee accounts?
With  today’s  security  threats,  such 
safeguards  are  no  longer  optional. 

Think  of  them  as  IT’s  version  of 
Sarbanes-Oxley, only a lot more
useful  than  the  real  Sarb-Ox.  Those 
controls  are  the  price  the  OIT  — 
and  all  IT  people  —  will  have  to  pay 
if  we  really  want  to  ever  get  things 
back to normal again.


FRANK HAYES, Computerworld's
senior news columnist,
has covered IT for more than
20 years. Contact him at
frank.hayes@computerworld.com.


Easier  Said  Than  Done 

On this city government’s old mainframe, printing out
monthly financial statements requires running multiple
programs and swapping out more than a dozen
reels of tape. “Of course, the end users are totally
oblivious to the behind-the-scenes mechanics,” says
a pilot fish there. “One day, the IT boss is filling in for
the computer operator, who’s on vacation. The city
comptroller walks into the computer room and says,
‘OK, Fred, push the button and let ’er run.’ ”
Too Much

This database administrator - “he describes himself as
‘not just a DBA,’ ” reports a pilot fish in the know -
wants to remove an error code on an Oracle system because
he’s sure the system is wrong and he’s right. “He described
the problem to his assistant DBA, who didn’t argue with
him,” says fish. “Then he asked his supervisor for
permission to remove the error code. He told his boss that
the system was erroring when a number was divided by
zero - ‘and everyone knows that five divided by zero is
one.’ ”

Too Subtle

IT guy sends an e-mail to the whole company. Subject:
Phishing examples. “He described two classic examples of
convincing phishing attacks,” says a pilot fish who got
the message. “He attached the two original e-mails, and
also included the directive, ‘Notice where the links take
you.’ Less than an hour later came the follow-up e-mail:
‘DON'T CLICK THE LINKS.’ I guess his original description
of the evil e-mails was a little too subtle for some
users.”

Too Hasty

User calls help desk pilot fish about a problem with his
BlackBerry device. “I told him I need the make, model and
serial number,” says fish. User: I don’t know where I can
find that. Fish: Just pull out the battery and it should be
right underneath there. The line goes dead, and fish
realizes what’s wrong. “He was talking on the BlackBerry,”
groans fish. “He called back and said, ‘I think I
disconnected myself with that BlackBerry issue.’ I guess
this is why we all have jobs.”

Too Thorough

Support pilot fish gets a trouble ticket for a hard-drive
failure, so he calls the user. Fish: “Why do you think
your hard drive is bad?” User: Because I can see the
scratches on the platters. Says fish, “After a quick trip
to the user’s office, I quickly confirmed his drive was
dead - now. He sat proudly at his desk holding the stack of
platters from the hard drive he’d disassembled.”
ASSEMBLE YOUR TRUE TALE OF IT LIFE and
send it to me at sharky@computerworld.com.
You'll score a sharp Shark shirt if I use it. And check out
Sharky's blog, browse the Sharkives and sign up for Shark
Tank home delivery at computerworld.com/sharky.